Abstract. This work proposes tractable bisimulations for the higher-order
π-calculus with session primitives (HOπ) and offers a complete study of the
expressivity of its most significant subcalculi. First we develop three typed
bisimulations, which are shown to coincide with contextual equivalence. These
characterisations demonstrate that observing as inputs only a specific finite set of
higher-order values (which inhabit session types) suffices to reason about HOπ
processes. Next, we identify HO, a minimal, second-order subcalculus of HOπ
in which higher-order applications/abstractions, name-passing, and recursion are
absent. We show that HO can encode HOπ extended with higher-order
applications and abstractions and that a first-order session π-calculus can encode HOπ.
Both encodings are fully abstract. We also prove that the session π-calculus with
passing of shared names cannot be encoded into HOπ without shared names. We
show that HOπ, HO, and π are equally expressive; the expressivity of HO enables
effective reasoning about typed equivalences for higher-order processes.
1 Introduction

By combining features from the λ-calculus and the π-calculus, in higher-order process
calculi exchanged values may contain processes. In this paper, we consider higher-order
calculi with session primitives, thus enabling the specification of reciprocal exchanges
(protocols) for higher-order mobile processes, which can be verified via type-checking
using session types E). The study of higher-order concurrency has received significant
attention, from untyped and typed perspectives (see, e.g., [53,48,47,22,35,29,28,24,55]).
Although models of session-typed communication with features of higher-order
concurrency exist [33,14], their tractable behavioural equivalences and relative expressiveness
remain little understood. Clarifying their status is not only useful for, e.g., justifying
non-trivial mobile protocol optimisations, but also for transferring key reasoning
techniques between (higher-order) session calculi. Our discovery is that linearity of session
types plays a vital role to offer new equalities and fully abstract encodability, which to
our best knowledge have not been proposed before.

The main higher-order language in our work, denoted HOπ, extends the higher-order
π-calculus B8l with session primitives; it contains constructs for synchronisation
on shared names, recursion, name abstractions (i.e., functions from name identifiers to
processes, denoted $\lambda x.P$) and applications (denoted $(\lambda x.P)\,a$); and session
communication (value passing and labelled choice using linear names). We study two
significant subcalculi of HOπ, which distil higher- and first-order mobility: the HO-calculus,
which is HOπ without recursion and name passing, and the session π-calculus (here
denoted π), which is HOπ without abstractions and applications. While π is, in essence,
the calculus in lfT9l, this paper shows that HO is a new core calculus for higher-order
session concurrency.

In the first part of the paper, we address tractable behavioural equivalences for HOπ.
A well-studied behavioural equivalence in the higher-order setting is context
bisimilarity [46], a labelled characterisation of reduction-closed, barbed congruence, which
offers an appropriate discriminative power at the price of heavy universal quantifications
in output clauses. Obtaining alternative characterisations is thus a recurring issue in the
study of higher-order calculi. Our approach shows that protocol specifications given
by session types are essential to limit the behaviour of higher-order session processes.
Exploiting elementary processes inhabiting session types, this limitation is formally
enforced by a refined (typed) labelled transition system (LTS) that narrows down the
spectrum of allowed process behaviours, thus enabling tractable reasoning techniques.
Two tractable characterisations of bisimilarity are then introduced. Remarkably, using
session types we prove that these bisimilarities coincide with context bisimilarity,
without using operators for name-matching.

We then move on to assess the expressivity of HOπ, HO, and π as delineated by
typing. We establish strong correspondences between these calculi via type-preserving,
fully abstract encodings up to behavioural equalities. While encoding HOπ into the
π-calculus preserving session types (extending known results for untyped processes) is
significant, our main contribution is an encoding of HOπ into HO, where name-passing
is absent.

Fig. 1 Encodability in Higher-Order Session Calculi. Precise encodings are defined in
Definition 5.5. (Arrow legend: identity encoding, precise encoding, derivable encoding.)

We illustrate the essence of encoding name passing into HO: to encode name output,
we “pack” the name to be passed around into a suitable abstraction; upon reception, the
receiver must “unpack” this object following a precise protocol. More precisely, our
encoding of name passing in HO is given as:

$$[\![\, a!\langle b\rangle.P \,]\!] = a!\langle \lambda z.\, z?(x).(x\,b)\rangle.[\![ P ]\!]$$

$$[\![\, a?(x).Q \,]\!] = a?(y).(\nu\, s)(y\,s \mid \overline{s}!\langle \lambda x.[\![ Q ]\!]\rangle.\mathbf{0})$$

where $a, b$ are names; $s$ and $\overline{s}$ are linear names (called session endpoints); $a!\langle V\rangle.P$ and
$a?(x).P$ denote an output and input at $a$; and $(\nu\, s)(P)$ is hiding. A (deterministic)
reduction between endpoints $s$ and $\overline{s}$ guarantees name $b$ is properly unpacked. Encoding a
recursive process $\mu X.P$ is also challenging, for the linearity of endpoints in P must be
preserved. We encode recursion with non-tail recursive session types; for this we apply
recent advances on the theory of session duality ED.
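
The pack/unpack protocol of the two encoding clauses can be run step by step. The following is an added example, not code from the paper: the tuple representation of processes, the `#k` / `#k~` naming of session endpoints and the reserved variables `_z`, `_x`, `_y` are assumptions made here, and the reducer only implements the [App] and [Pass] steps needed for the encoding.

```python
# Added example: a small reducer for monadic processes, used to run the
# name-passing encoding into HO. The tuple shapes below are assumptions.
#   ("out", u, V, P)  u!<V>.P      ("in", u, x, P)  u?(x).P
#   ("app", V, u)     V u          ("nu", s, P)     (nu s)P
#   ("par", P, Q)     P | Q        ("nil",)         0
# A value is a name or variable (str) or an abstraction ("lam", x, P).
import itertools

NIL = ("nil",)
_fresh = itertools.count()

def dual(n):
    """Session endpoints are '#k' and '#k~' (assumed convention); shared names are self-dual."""
    if not n.startswith("#"):
        return n
    return n[:-1] if n.endswith("~") else n + "~"

def subst(t, x, v):
    """t{v/x}. Assumes v has no free variables, so capture cannot occur."""
    if isinstance(t, str):
        return v if t == x else t
    tag = t[0]
    if tag == "lam":
        return t if t[1] == x else ("lam", t[1], subst(t[2], x, v))
    if tag == "out":
        return ("out", subst(t[1], x, v), subst(t[2], x, v), subst(t[3], x, v))
    if tag == "in":  # the input binds t[2] in its continuation
        body = t[3] if t[2] == x else subst(t[3], x, v)
        return ("in", subst(t[1], x, v), t[2], body)
    if tag in ("app", "par"):
        return (tag, subst(t[1], x, v), subst(t[2], x, v))
    if tag == "nu":
        return ("nu", t[1], subst(t[2], x, v))
    return t  # nil

def threads(p):
    """Flatten P up to structural congruence: drop 0 and float every (nu s)
    to the top level, which is sound because restricted names are fresh."""
    if p[0] == "par":
        return threads(p[1]) + threads(p[2])
    if p[0] == "nu":
        return threads(p[2])
    return [] if p[0] == "nil" else [p]

def step(ts):
    """Apply one reduction ([App] or [Pass]) to a list of threads; None if stuck."""
    for i, t in enumerate(ts):
        if t[0] == "app" and not isinstance(t[1], str):      # (lam x.P) u -> P{u/x}
            _, (_, x, body), u = t
            return ts[:i] + threads(subst(body, x, u)) + ts[i + 1:]
    for i, o in enumerate(ts):
        for j, r in enumerate(ts):
            if o[0] == "out" and r[0] == "in" and r[1] == dual(o[1]):
                rest = [t for k, t in enumerate(ts) if k not in (i, j)]
                return rest + threads(o[3]) + threads(subst(r[3], r[2], o[2]))
    return None

def run(p, limit=1000):
    """Reduce to a stuck state; returns (threads, number of steps taken)."""
    ts, n = threads(p), 0
    while n < limit:
        nxt = step(ts)
        if nxt is None:
            break
        ts, n = nxt, n + 1
    return ts, n

def encode(p):
    """The two clauses above, extended homomorphically to |, (nu n) and 0.
    Bound variables _z, _x, _y are reserved: source processes must not use them."""
    tag = p[0]
    if tag == "out":   # [[u!<b>.P]] = u!<lam z. z?(x).(x b)>.[[P]]
        _, u, b, cont = p
        packed = ("lam", "_z", ("in", "_z", "_x", ("app", "_x", b)))
        return ("out", u, packed, encode(cont))
    if tag == "in":    # [[u?(x).Q]] = u?(y).(nu s)(y s | s~!<lam x.[[Q]]>.0)
        _, u, x, cont = p
        s = "#%d" % next(_fresh)
        unpack = ("par", ("app", "_y", s), ("out", dual(s), ("lam", x, encode(cont)), NIL))
        return ("in", u, "_y", ("nu", s, unpack))
    if tag in ("par", "nu"):
        return (tag, encode(p[1]) if tag == "par" else p[1], encode(p[2]))
    return p

# Constructed source process: a!<b>.0 | a?(x).x!<c>.0, which reduces to b!<c>.0.
SOURCE = ("par", ("out", "a", "b", NIL), ("in", "a", "x", ("out", "x", "c", NIL)))
TARGET = ("out", "b", "c", NIL)

if __name__ == "__main__":
    print(run(encode(SOURCE)))
    print(threads(encode(TARGET)))
```

One name-passing step of the source process is matched by four steps of its encoding: the output on `a`, the application that hands over the fresh endpoint, the exchange on that endpoint, and the final application that substitutes `b`.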

We further extend our encodability results to i) HOπ with higher-order abstractions
(denoted $\mathsf{HO}\pi^{+}$) and to ii) HOπ with polyadic name passing and abstraction ($\mathsf{HO}\vec{\pi}$);
and to their super-calculus ($\mathsf{HO}\vec{\pi}^{+}$) (equivalent to the calculus in [33]). A further
result shows that shared names strictly add expressive power to session calculi. Figure[2
summarises these results.


Outline / Contributions. This paper is structured as follows:

• Section 2 presents the higher-order session calculus HOπ and its subcalculi HO and π.
• Section 3 gives the type system and states type soundness for HOπ and its variants.
• Section 4 develops higher-order and characteristic bisimilarities, our two tractable
characterisations of contextual equivalence which alleviate the issues of context
bisimilarity [46]. These relations are shown to coincide in HOπ (Theorem 4.1).
• Sectionj^defines precise (typed) encodings by extending encodability criteria studied
for untyped processes (e.g. llblHl).
• Section|^and Section|^give encodings of HOπ into HO and of HOπ into π. These
encodings are shown to be precise (Proposition 6.6 and Proposition 6.10). Mutual
encodings between π and HO are derivable; all these calculi are thus equally expressive.
Exploiting determinacy and typed equivalences, we also prove the non-encodability
of shared names into linear names (Theorem 7.1).
• Section 1^ studies extensions of HOπ. We show that both $\mathsf{HO}\pi^{+}$ (the extension with
higher-order applications) and $\mathsf{HO}\vec{\pi}$ (the extension with polyadicity) are encodable
in HOπ (Proposition 8.4 and Proposition 8.8). This connects our work to the existing
higher-order session calculus in [33] (here denoted $\mathsf{HO}\vec{\pi}^{+}$).
• Section [previews related works. The appendix collects proofs of the main results.


2 The Higher-Order Session π-Calculus (HOπ)

We introduce the Higher-Order Session π-Calculus (HOπ). HOπ includes both name-
and abstraction-passing operators as well as recursion; it corresponds to a
subcalculus of the language studied by Mostrous and Yoshida in [33,35]. Following the
literature for simplicity of the presentation we concentrate on the second-order
call-by-value HOπ. (In Sectionj^we consider the extension of HOπ with general higher-order
abstractions and polyadicity in name-passing/abstractions.) We also introduce two
subcalculi of HOπ. In particular, we define the core higher-order session calculus (HO),
which includes constructs for shared name synchronisation and constructs for session
establishment/communication and (monadic) name-abstraction, but lacks name-passing
and recursion.

Although minimal, in Section the abstraction-passing capabilities of HOπ will
prove expressive enough to capture key features of session communication, such as
delegation and recursion.

2.1 Syntax 

The syntax for HOπ processes is given in Figure 2.

Identifiers. We use $a, b, c, \ldots$ to range over shared names, and $s, \overline{s}, \ldots$ to range over
session names whereas range over shared or session names. We define dual
session endpoints $\overline{s}$, with the dual operator defined as $\overline{\overline{s}} = s$ and $\overline{a} = a$. Intuitively, names
$s$ and $\overline{s}$ are dual endpoints. Name and abstraction variables are uniformly denoted with
we reserve $k$ for name variables and we sometimes write $x$ for abstraction
variables. Recursive variables are denoted with $X, Y$. An abstraction $\lambda x.P$ is a process
P with bound variable $x$. Symbols $u, v, \ldots$ range over names or variables. Furthermore
we use $V, W, \ldots$ to denote transmittable values; either channels $u, v$ or abstractions.

Terms. The name-passing constructs of HOπ include the π-calculus prefixes for
sending and receiving values V. Process $u!\langle V\rangle.P$ denotes the output of value V over channel
$u$, with continuation P; process $u?(x).P$ denotes the input prefix on channel $u$ of a value
that is going to be substituted for variable $x$ in continuation P. Recursion is expressed
by the primitive recursor $\mu X.P$, which binds the recursive variable X in process P.
Process $V\,u$ is the application process; it binds channel $u$ on the abstraction V. Prefix $u \triangleleft l.P$
selects label $l$ on channel $u$ and then behaves as P. Given $i \in I$, process $u \triangleright \{l_i : P_i\}_{i \in I}$
offers a choice on labels $l_i$ with continuation $P_i$. The calculus also includes standard
constructs for the inactive process $\mathbf{0}$, parallel composition $P_1 \mid P_2$, and name restriction
$(\nu\, n)P$. Session name restriction $(\nu\, s)P$ simultaneously binds endpoints $s$ and $\overline{s}$ in P.
We use fv(P) and fn(P) to denote a set of free variables and names, respectively; and
assume V in $u!\langle V\rangle.P$ does not include free recursive variables X. Furthermore, a
well-formed process relies on assumptions for guarded recursive processes. If $\mathrm{fv}(P) = \emptyset$, we
call P closed. We write P for the set of all well-formed processes.
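Fig. 2 Syntax for HOπ (the definition of HO lacks the constructs in grey).

$$
\begin{array}{lrcl}
\text{(Processes)} & P, Q & ::= & u!\langle V\rangle.P \mid u?(x).P \mid u \triangleleft l.P \mid u \triangleright \{l_i : P_i\}_{i \in I} \\
 & & \mid & P \mid Q \mid (\nu\, n)P \mid V\,u \mid \mathbf{0} \mid X \mid \mu X.P \\
\text{(Names)} & n, m, t & ::= & a, b \mid s, \overline{s} \\
\text{(Identifiers)} & u, v & ::= & n \mid x, y, z, k \\
\text{(Values)} & V, W & ::= & u \mid \lambda x.P
\end{array}
$$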


2.2 Sub-calculi 

We identify two main sub-calculi of HOπ that will form the basis of our study:

Definition 2.1 (Sub-calculi of HOπ). We let $\mathsf{C} \in \{\mathsf{HO}\pi, \mathsf{HO}, \pi\}$ with:

- Core higher-order session calculus (HO): The sub-calculus HO uses only abstraction
passing, i.e., values in Figure 2 are defined as in the non-gray syntax, $V ::= \lambda x.P$,
and does not use the primitive recursion constructs, $X$ and $\mu X.P$.

- Session π-calculus (π): The sub-calculus π uses only name-passing constructs, i.e.,
values in Figure 2 are defined as $V ::= u$, and does not use applications $x\,u$.

We write to denote a sub-calculus without shared names, i.e., identifiers in Figure 2
are defined as $u, v ::= s, \overline{s}$.

Thus, while π is essentially the standard session π-calculus as defined in the
literature [19,13], HO can be related to a subcalculus of higher-order process calculi as
studied in the untyped [48,50,22] and typed settings [33,34,35]. In Section]^ we show that
HOπ, HO, and π have the same expressivity.

2.3 Operational Semantics 

The operational semantics for HOπ is standardly given as a reduction relation,
supported by a structural congruence relation, denoted $\equiv$. Structural congruence is the least
congruence that satisfies the commutative monoid $(P, \mid, \mathbf{0})$:

$$P \mid \mathbf{0} \equiv P \qquad P_1 \mid P_2 \equiv P_2 \mid P_1 \qquad P_1 \mid (P_2 \mid P_3) \equiv (P_1 \mid P_2) \mid P_3$$

satisfies α-conversion:

$$P_1 \equiv_\alpha P_2 \ \text{ implies } \ P_1 \equiv P_2$$

and furthermore, satisfies the rules:

$$n \notin \mathrm{fn}(P_1) \ \text{ implies } \ P_1 \mid (\nu\, n)P_2 \equiv (\nu\, n)(P_1 \mid P_2)$$

$$(\nu\, n)\mathbf{0} \equiv \mathbf{0} \qquad (\nu\, n)(\nu\, m)P \equiv (\nu\, m)(\nu\, n)P \qquad \mu X.P \equiv P\{\mu X.P/X\}$$

The first rule describes scope opening for names. Restricting a name in an inactive
process has no effect. Furthermore, we can permute name restrictions. Recursion is
defined in structural congruence terms; a recursive term $\mu X.P$ is structurally equivalent
to its unfolding.
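Fig. 3 Reduction semantics for HOπ.

$$
\begin{array}{rcll}
(\lambda x.P)\,u & \longrightarrow & P\{u/x\} & [\text{App}] \\
n!\langle V\rangle.P \mid \overline{n}?(x).Q & \longrightarrow & P \mid Q\{V/x\} & [\text{Pass}] \\
n \triangleleft l_j.Q \mid \overline{n} \triangleright \{l_i : P_i\}_{i \in I} & \longrightarrow & Q \mid P_j \quad (j \in I) & [\text{Sel}] \\
P \longrightarrow P' & \Rightarrow & (\nu\, n)P \longrightarrow (\nu\, n)P' & [\text{Ses}] \\
P \longrightarrow P' & \Rightarrow & P \mid Q \longrightarrow P' \mid Q & [\text{Par}] \\
P \equiv\, \longrightarrow\, \equiv P' & \Rightarrow & P \longrightarrow P' & [\text{Cong}]
\end{array}
$$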


Structural congruence is extended to support values, i.e., $\equiv$ is the least congruence
over processes and values that satisfies $\equiv$ for processes and, furthermore:

$$\lambda x.P_1 \equiv_\alpha \lambda y.P_2 \ \text{ implies } \ \lambda x.P_1 \equiv \lambda y.P_2 \qquad P_1 \equiv P_2 \ \text{ implies } \ \lambda x.P_1 \equiv \lambda x.P_2$$

This way, abstraction values are congruent up-to α-conversion. Furthermore, two
congruent processes can construct congruent abstractions.

Figure 3 defines the operational semantics for HOπ. [App] is a name application.
Rule [Pass] defines value passing where value V is being sent on channel $n$ to its dual
endpoint $\overline{n}$ (for shared interactions $\overline{n} = n$). As a result of the value passing reduction
the continuation of the receiving process substitutes the receiving variable $x$ with V.
Rule [Sel] is the standard rule for labelled choice/selection; given an index set $I$, a
process selects label $l_j$, $j \in I$, on channel $n$ over a set of labels $\{l_i\}_{i \in I}$ that are offered by a
parallel process on the dual session endpoint $\overline{n}$. Remaining rules define congruence with
respect to parallel composition (rule [Par]) and name restriction (rule [Ses]). Rule [Cong]
defines closure under structural congruence. We write $\longrightarrow^{*}$ for a multi-step reduction.


3 Session Types for HOπ

In this section we define a session typing system for HOπ and establish its main
properties. We use as a reference the type system for higher-order session processes developed
by Mostrous and Yoshida [33,34,35]. Our system is simpler than that in ||3^, in order
to distil the key features of higher-order communication in a session-typed setting.


3.1 Syntax 

We define the syntax of session types for HOπ.


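Definition 3.1 (Syntax of Types). The syntax of types is defined on the types for
sessions S, and the types for values U:

$$
\begin{array}{lrcl}
\text{(value)} & U & ::= & C \mid L \\
\text{(name)} & C & ::= & S \mid \langle S\rangle \mid \langle L\rangle \\
\text{(abstr)} & L & ::= & C \rightarrow \diamond \mid C \multimap \diamond \\
\text{(session)} & S, T & ::= & !\langle U\rangle; S \mid\ ?(U); S \mid \oplus\{l_i : S_i\}_{i \in I} \mid \&\{l_i : S_i\}_{i \in I} \\
 & & \mid & \mu\mathsf{t}.S \mid \mathsf{t} \mid \mathsf{end}
\end{array}
$$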
Types for Values. Types for values range over symbol U which includes first-order
types C and higher-order types L. First-order types C are used to type names; session
types S type session names and shared types $\langle S\rangle$ or $\langle L\rangle$ type shared names that carry
session values and higher-order values, respectively. Higher-order types L are used to
type abstraction values; $C \rightarrow \diamond$ and $C \multimap \diamond$ denote shared and linear abstraction types,
respectively.

Session Types. The syntax of session types S follows the usual (binary) session types
with recursion [19,13]. An output type $!\langle U\rangle; S$ is assigned to a name that first sends
a value of type U and then follows the type described by S. Dually, the input type
$?(U); S$ is assigned to a name that first receives a value of type U and then continues
as S. Session types for labelled choice and selection, written $\&\{l_i : S_i\}_{i \in I}$ and
$\oplus\{l_i : S_i\}_{i \in I}$, respectively, require a set of types $\{S_i\}_{i \in I}$ that correspond to a set of labels
$\{l_i\}_{i \in I}$. Recursive session types are defined using the primitive recursor. We require type
variables to be guarded; this means, e.g., that type $\mu\mathsf{t}.\mathsf{t}$ is not allowed. Type $\mathsf{end}$ is the
termination type. We let $\mathsf{T}$ be the set of all well-formed types and $\mathsf{ST}$ be the set of
all well-formed session types.

Types of HO exclude C from value types of HOπ; the types of π exclude L. From
each $\mathsf{C} \in \{\mathsf{HO}\pi, \mathsf{HO}, \pi\}$, excludes shared name types ($\langle S\rangle$ and $\langle L\rangle$), from name
type C.

Remark 3.1 (Restriction on Types for Values). The syntax for value types is restricted
to disallow types of the form:

• $\langle\langle U\rangle\rangle$: shared names cannot carry shared names; and

• $U \rightarrow \diamond$: abstractions do not bind higher-order variables.

The difference between the syntax of processes in HOπ and the syntax of processes
in [33,35] is also reflected in the two corresponding type syntaxes; the type structure
in [33,35] supports the arrow types of the form $U \rightarrow T$ and $U \multimap T$, where T denotes
an arbitrary type of a term (i.e. a value or a process).

3.2 Duality 

Duality is defined following the co-inductive approach, as in mm. We first require the 
notion of type equivalence. 

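Definition 3.2 (Type Equivalence). Define function $F(\Re) : \mathsf{T} \to \mathsf{T}$:

$$
\begin{array}{rcl}
F(\Re) & = & \{(\mathsf{end}, \mathsf{end})\} \\
 & \cup & \{(\langle S\rangle, \langle T\rangle) \mid S \,\Re\, T\} \cup \{(\langle L_1\rangle, \langle L_2\rangle) \mid L_1 \,\Re\, L_2\} \\
 & \cup & \{(C_1 \rightarrow \diamond, C_2 \rightarrow \diamond), (C_1 \multimap \diamond, C_2 \multimap \diamond) \mid C_1 \,\Re\, C_2\} \\
 & \cup & \{(!\langle U_1\rangle; S,\ !\langle U_2\rangle; T), (?(U_1); S,\ ?(U_2); T) \mid U_1 \,\Re\, U_2,\ S \,\Re\, T\} \\
 & \cup & \{(\oplus\{l_i : S_i\}_{i \in I}, \oplus\{l_i : T_i\}_{i \in I}) \mid S_i \,\Re\, T_i\} \\
 & \cup & \{(\&\{l_i : S_i\}_{i \in I}, \&\{l_i : T_i\}_{i \in I}) \mid S_i \,\Re\, T_i\} \\
 & \cup & \{(S, T) \mid S\{\mu\mathsf{t}.S/\mathsf{t}\} \,\Re\, T\} \\
 & \cup & \{(S, T) \mid S \,\Re\, T\{\mu\mathsf{t}.T/\mathsf{t}\}\}
\end{array}
$$

Standard arguments ensure that F is monotone, thus the greatest fixed point of F exists.
Let type equivalence be defined as $\mathsf{iso} = \nu X.F(X)$.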
In essence, type equivalence is a co-inductive definition that equates types up-to
recursive unfolding. We may now define the duality relation in terms of type equivalence.


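Definition 3.3 (Duality). Define function $F(\Re) : \mathsf{ST} \to \mathsf{ST}$:

$$
\begin{array}{rcl}
F(\Re) & = & \{(\mathsf{end}, \mathsf{end})\} \\
 & \cup & \{(!\langle U_1\rangle; S,\ ?(U_2); T), (?(U_1); S,\ !\langle U_2\rangle; T) \mid U_1 \,\mathsf{iso}\, U_2,\ S \,\Re\, T\} \\
 & \cup & \{(\oplus\{l_i : S_i\}_{i \in I}, \&\{l_i : T_i\}_{i \in I}) \mid S_i \,\Re\, T_i\} \\
 & \cup & \{(\&\{l_i : S_i\}_{i \in I}, \oplus\{l_i : T_i\}_{i \in I}) \mid S_i \,\Re\, T_i\} \\
 & \cup & \{(S, T) \mid S\{\mu\mathsf{t}.S/\mathsf{t}\} \,\Re\, T\} \\
 & \cup & \{(S, T) \mid S \,\Re\, T\{\mu\mathsf{t}.T/\mathsf{t}\}\}
\end{array}
$$

Standard arguments ensure that F is monotone, thus the greatest fixed point of F exists.
Let duality be defined as $\mathsf{dual} = \nu X.F(X)$.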

Duality is applied co-inductively to session types up-to recursive unfolding. Dual
session types are prefixed on dual session type constructors that carry equivalent types (!
is dual to ? and ⊕ is dual to &).
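
Both greatest fixed points can be decided for recursive types by treating a revisited pair as related. The following is an added example, not code from the paper: the tuple representation of types, the function names and the `s` / `s~` naming of dual endpoints are assumptions made here. It checks type equivalence and duality up to unfolding, and uses duality for the balancedness condition of Definition 3.5.

```python
# Added example: session types as nested tuples (a constructed representation).
#   ("end",)   ("send", U, S)   ("recv", U, S)   ("sel", bs)   ("bra", bs)
#   ("mu", t, S)   ("var", t)   ("shared", X)   ("fun", C)   ("lin", C)
# bs is a tuple of (label, S) pairs sorted by label;
# "fun" stands for the shared abstraction type, "lin" for the linear one.

def subst(ty, var, repl):
    """ty{repl/var}; repl is assumed closed, so no capture can occur."""
    tag = ty[0]
    if tag == "var":
        return repl if ty[1] == var else ty
    if tag == "mu":
        return ty if ty[1] == var else ("mu", ty[1], subst(ty[2], var, repl))
    if tag in ("send", "recv"):
        return (tag, subst(ty[1], var, repl), subst(ty[2], var, repl))
    if tag in ("sel", "bra"):
        return (tag, tuple((l, subst(s, var, repl)) for l, s in ty[1]))
    if tag in ("shared", "fun", "lin"):
        return (tag, subst(ty[1], var, repl))
    return ty  # end

def unfold(ty):
    """Unfold leading recursion. Terminates only for guarded types (mu t.t is excluded)."""
    while ty[0] == "mu":
        ty = subst(ty[2], ty[1], ty)
    return ty

# Constructor expected on the other side when checking duality.
PARTNER = {"end": "end", "send": "recv", "recv": "send", "sel": "bra", "bra": "sel"}

def related(a, b, flip, seen=frozenset()):
    """Membership in the greatest fixed point: iso if flip is False, dual if True."""
    key = (a, b, flip)
    if key in seen:                 # pair met again along this path: accept it
        return True
    seen = seen | {key}
    a, b = unfold(a), unfold(b)
    tag = a[0]
    if b[0] != (PARTNER.get(tag) if flip else tag):
        return False                # also rejects non-session types under duality
    if tag == "end":
        return True
    if tag == "var":
        return a == b
    if tag in ("send", "recv"):     # carried types are compared by iso in both relations
        return related(a[1], b[1], False, seen) and related(a[2], b[2], flip, seen)
    if tag in ("sel", "bra"):
        return len(a[1]) == len(b[1]) and all(
            la == lb and related(sa, sb, flip, seen)
            for (la, sa), (lb, sb) in zip(a[1], b[1]))
    return related(a[1], b[1], False, seen)   # shared / fun / lin

def is_iso(a, b):
    return related(a, b, False)

def is_dual(a, b):
    return related(a, b, True)

def balanced(delta):
    """Definition 3.5, with the dual endpoint of s written s + '~' (assumed naming)."""
    return all(is_dual(ty, delta[n + "~"])
               for n, ty in delta.items()
               if not n.endswith("~") and n + "~" in delta)

# Constructed sample types: a client that repeatedly selects `more` and sends,
# or selects `stop`; the server is the matching branch type.
END = ("end",)
CLIENT = ("mu", "t", ("sel", (("more", ("send", END, ("var", "t"))), ("stop", END))))
SERVER = ("mu", "t", ("bra", (("more", ("recv", END, ("var", "t"))), ("stop", END))))
LOOP = ("mu", "t", ("recv", END, ("var", "t")))

if __name__ == "__main__":
    print(is_dual(CLIENT, SERVER), is_dual(unfold(CLIENT), SERVER), is_dual(CLIENT, CLIENT))
```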


3.3 Type Environments and Judgements 
Following [33,35], we define the typing environments.

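Definition 3.4 (Typing environment). We define the shared type environment Γ, the
linear type environment Λ, and the session type environment Δ as:

$$
\begin{array}{lrcl}
\text{(Shared)} & \Gamma & ::= & \emptyset \mid \Gamma \cdot x : C \rightarrow \diamond \mid \Gamma \cdot u : \langle S\rangle \mid \Gamma \cdot u : \langle L\rangle \mid \Gamma \cdot X : \Delta \\
\text{(Linear)} & \Lambda & ::= & \emptyset \mid \Lambda \cdot x : C \multimap \diamond \\
\text{(Session)} & \Delta & ::= & \emptyset \mid \Delta \cdot u : S
\end{array}
$$

We further require:

i. Domains of Γ, Λ, Δ are pairwise distinct.

ii. Weakening, contraction and exchange apply to shared environment Γ.

iii. Exchange applies to linear environments Λ and Δ.

We define typing judgements for values V and processes P:

$$\Gamma; \Lambda; \Delta \vdash V \triangleright U \qquad \Gamma; \Lambda; \Delta \vdash P \triangleright \diamond$$

The first judgement asserts that under environment Γ; Λ; Δ values V have type U, whereas
the second judgement asserts that under environment Γ; Λ; Δ process P has the typed
process type $\diamond$.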
Fig. 4 Typing Rules for HOπ.


[Sess] [Sh] T-m : l/;0;0 h {/ [LVar] r;{A:: C^o);0 h ;c>C^o 

F;0;0 h F>C-oo r',A-x \ C^o\A\-P>o 

[Prom] -—xrx — ,, ^ - [EProm] —----—-— 

r;0;0hP>C—>0 r-x : C—h P>o 

r., , r\A\Ai\-P>o r\%\A2^x>C 

[Abs] - 

r;A;zli\zl2i-.lx.P>C^o 

U = C-ooVC—K> r;A;Ai\-V>U /’; 0 ;zI 2 Hm>C 

[App] 

[Send] 


[Rev] 


r\A’,A\ ■A 2 I- Vu>o 

r\A\\A\ P><> r\A 2 \A 2 V >U u \ S s Ai • A 2 
r;Ai -ArAiAx ■A2 )\{u ■.S])-u:\{U};S h u\{V}.P>o 

r;Ai;Ai ■ u : S i-P>o /’;A2;A2 1 -x>C 


r\x;Ai\A 2 ;Ai\A 2 -u:?(C);S h m?(x).F>o 


[Req] 


[Acc] 


r\%\%\-u>Ux r;A;AihP>o r;0;A2 h V> 1/2 
(f/i = <S) (72 = S) V(f/i = <L) « 172 = L) 

r\A\Ai-A2\-u\{V).P>o 

/’;0;0 h m>(7i r;Ai;Ait-F>o /’;A2;A2 1 -x> 1/2 
((/i = <S> 172 = S) V (f/i = {L) ■^U2 = L) 


[Bra] 


r;Ai\A 2 ;Ai\A 2 I- ul(x).P>o 
Viel r-,A;A-u:Sit-Pi>o r;A;A-u : S j P>o jel 


r;A-,A-u: &((,• : S,),e/ 1- m>(/; : P,),e/>o 


[Sel] 


r;A',A ■ u : ©(/; : S,),e/ I- u<lj.P>o 


[Res] 

[Par] 


f-a: {S}',A;A 1 - P>o 


[ResS] 


r;A;A-i:Si-i:S2i-P>o Sidual5'2 


r\A;A I- (y a)P>o 
P\Ai\Ai Pi ><> T; A2; A2 h P2 ^ ^ 


[End] 


r;Ai •A 2 ;Ai ■A2 H Pi I P2''* 

[Nil] r;0;0t-O>o [RVar] P-A : A;0;A h A>o 


r',A\A h (v s)P>o 

r;A',A P>T ui dom(P,A,A) 
r',A\A ■ u : end P>o 

r-X:A;<d;At-P>o 


[Rec] 


r;0;Ai-pXP>o 


3.4 Typing Rules 

The type relation is defined in Figure 4. Rule [Session] requires the minimal session
environment Δ to type session $u$ with type S. Rule [LVar] requires the minimal linear
environment Λ to type higher-order variable $x$ with type $C \multimap \diamond$. Rule [Shared] assigns the
value type U to shared names or shared variables $u$ if the map $u : U$ exists in
environment Γ. Rule [Shared] also requires that the linear environment is empty. The type $C \rightarrow \diamond$
for shared higher-order values V is derived using rule [Prom], where we require a value
with linear type to be typed without a linear environment present in order to be used as
a shared type. Rule [EProm] allows us to freely use a linear type variable as a shared type
variable. Abstraction values are typed with rule [Abs]. The key type for an abstraction
is the type for the bound variables of the abstraction, i.e., for bound variable with type
C the abstraction has type $C \multimap \diamond$. The dual of abstraction typing is application typing
governed by rule [App], where we expect the type C of an application name $u$ to match
the type $C \multimap \diamond$ or $C \rightarrow \diamond$ of the application variable $x$.

A process prefixed with a session send operator $u!\langle V\rangle.P$ is typed using rule [Send].
The type U of a send value V should appear as a prefix on the session type $!\langle U\rangle; S$
of $u$. Rule [Rev] defines the typing for the reception of values $u?(V).P$. The type U of a
receive value should appear as a prefix on the session type $?(U); S$ of $u$. We use a similar
approach with session prefixes to type interaction between shared channels as defined in
rules [Req] and [Acc], where the type of the sent/received object (S and L, respectively)
should match the type of the sent/received subject ($\langle S\rangle$ and $\langle L\rangle$, respectively). Select
and branch prefixes are typed using the rules [Sel] and [Bra] respectively. Both rules
prefix the session type with the selection type $\oplus\{l_i : S_i\}_{i \in I}$ and $\&\{l_i : S_i\}_{i \in I}$.

The creation of a shared name $a$ requires adding its type to environment Γ as defined
in rule [Res]. Creation of a session name $s$ creates two endpoints with dual types and
adds them to the session environment Δ as defined in rule [ResS]. Rule [Par] concatenates
the linear environment of the parallel components of a parallel operator to create a
type for the composed process. The disjointness of environments Λ and Δ is implied.
Rule [End] allows a form of weakening for the session environment Δ, provided that the
name added in Δ has the inactive type $\mathsf{end}$. The inactive process $\mathbf{0}$ has an empty linear
environment. The recursive variable is typed directly from the shared environment Γ
as in rule [RVar]. The recursive operator requires that the body of a recursive process
matches the type of the recursive variable as in rule [Rec].

3.5 Type Soundness 

Type safety results are instances of more general statements already proved by Mostrous
and Yoshida [33,35] in the asynchronous case.

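Lemma 3.1 (Substitution Lemma - Lemma C.10 in [35]).

1. $\Gamma; \Lambda; \Delta \cdot x : S \vdash P \triangleright \diamond$ and $u \notin \mathrm{dom}(\Gamma, \Lambda, \Delta)$ implies $\Gamma; \Lambda; \Delta \cdot u : S \vdash P\{u/x\} \triangleright \diamond$.

2. $\Gamma \cdot x : \langle U\rangle; \Lambda; \Delta \vdash P \triangleright \diamond$ and $a \notin \mathrm{dom}(\Gamma, \Lambda, \Delta)$ implies $\Gamma \cdot a : \langle U\rangle; \Lambda; \Delta \vdash P\{a/x\} \triangleright \diamond$.

3. If $\Gamma; \Lambda_1 \cdot x : C \multimap \diamond; \Delta_1 \vdash P \triangleright \diamond$ and $\Gamma; \Lambda_2; \Delta_2 \vdash V \triangleright C \multimap \diamond$ with $\Lambda_1 \cdot \Lambda_2$ and $\Delta_1 \cdot \Delta_2$ defined,
then $\Gamma; \Lambda_1 \cdot \Lambda_2; \Delta_1 \cdot \Delta_2 \vdash P\{V/x\} \triangleright \diamond$.

4. $\Gamma \cdot x : C \rightarrow \diamond; \Lambda; \Delta \vdash P \triangleright \diamond$ and $\Gamma; \emptyset; \emptyset \vdash V \triangleright C \rightarrow \diamond$ implies $\Gamma; \Lambda; \Delta \vdash P\{V/x\} \triangleright \diamond$.

Proof. By induction on the typing for P, with a case analysis on the last used rule. □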

We are interested in session environments which are balanced: 

Definition 3.5 (Balanced Session Environment). We say that session environment Δ
is balanced if $s : S_1, \overline{s} : S_2 \in \Delta$ implies $S_1 \,\mathsf{dual}\, S_2$.

The type soundness relies on the following auxiliary definition: 
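Definition 3.6 (Session Environment Reduction). The reduction relation $\longrightarrow$ on
session environments is defined as:

$$\Delta \cdot s : {!\langle U\rangle}; S_1 \cdot \overline{s} : {?(U)}; S_2 \ \longrightarrow\ \Delta \cdot s : S_1 \cdot \overline{s} : S_2$$

$$\Delta \cdot s : \oplus\{l_i : S_i\}_{i \in I} \cdot \overline{s} : \&\{l_i : S'_i\}_{i \in I} \ \longrightarrow\ \Delta \cdot s : S_k \cdot \overline{s} : S'_k \qquad k \in I$$

We write $\longrightarrow^{*}$ for the multistep environment reduction.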

We now state the main soundness result as an instance of type soundness from the
system in [33]. It is worth noticing that in has a slightly richer definition of
structural congruence. Also, their statement for subject reduction relies on an ordering on
typing associated to queues and other runtime elements. Since we are dealing with
synchronous semantics we can omit such an ordering. The type soundness result implies
soundness for the sub-calculi HO, π, and

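Theorem 3.1 (Type Soundness - Theorem 7.3 in [35]).

1. (Subject Congruence) $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ and $P \equiv P'$ implies $\Gamma; \emptyset; \Delta \vdash P' \triangleright \diamond$.

2. (Subject Reduction) $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ with balanced Δ and $P \longrightarrow P'$ implies $\Gamma; \emptyset; \Delta' \vdash P' \triangleright \diamond$
and either (i) $\Delta = \Delta'$ or (ii) $\Delta \longrightarrow \Delta'$ with $\Delta'$ balanced.

Proof. See Appendix A. □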

4 Behavioural Semantics for HOπ

We develop a theory for observational equivalence over session typed HOπ processes.
The theory follows the principles laid by the previous work of the authors [27,26,25].
We introduce three different bisimilarities and prove that all of them coincide with
typed, reduction-closed, barbed congruence.

4.1 Labelled Transition Semantics 

Labels. We define an (early) typed labelled transition system $P_1 \xrightarrow{\ell} P_2$ (LTS for short)
over untyped processes. Later on, using the environmental transition semantics, we can
define a typed transition relation to formalise how a process interacts with a process in
its environment. The interaction is defined on action $\ell$:

$$\ell ::= \tau \mid (\nu\,\tilde{m})\, n!\langle V\rangle \mid n?\langle V\rangle \mid n \oplus l \mid n \,\&\, l$$

The internal action is defined by label τ. Output action $(\nu\,\tilde{m})\, n!\langle V\rangle$ denotes the output
of value V over name $n$ with a possibly empty set of names $\tilde{m}$ being restricted (we may
write $n!\langle V\rangle$ when $\tilde{m}$ is empty). Dually, the action for the value input is $n?\langle V\rangle$. We also
define actions for selecting a label $l$, $n \oplus l$, and branching on a label $l$, $n \,\&\, l$. $\mathrm{fn}(\ell)$ and
$\mathrm{bn}(\ell)$ denote sets of free/bound names in $\ell$, resp.

The dual action relation is the symmetric relation $\asymp$ that satisfies the rules:

$$n \oplus l \asymp \overline{n} \,\&\, l \qquad (\nu\,\tilde{m})\, n!\langle V\rangle \asymp \overline{n}?\langle V\rangle$$

Dual actions occur on subjects that are dual between them and carry the same object.
Thus, output actions are dual to input actions and select actions are dual to branch actions.
Fig. 5 The Untyped (Early) Labelled Transition System.


(Ax.P)u-^ Pi^jx] <App> n\(V).P P (Out) u?(x).P P[ Vjx] (In) 


i</.P—»T(Sel) 


j^I 


S&lj 

s>{li-.Pi]iel^P, 


P — *P' nt fn(U 
(v ri)P (y n)P' 

(v m)n\(V) 


(Res) 


P=a P" 


•P' 


(Alpha) 


(Bra) 


P{P^-P/X] P' 


(Rec) 


^iX.P- 


P' m e fn(T) 


(v m-m)nUV) 

(vm)P -U p' 


(Scope) 


p-U p' 


^2 


Q^Q' 


F|e-^(ybn(U)Ubn(^2))(T'ie') 


(Tau) 


■ P' bn(Unfn(e) = 0 
P\Q-^P'\Q 


(LPar) 


Q—^Q' bn(U n fn(F) = 0 
PIQ^PIQ' 


(RPar) 


LTS over Untyped Processes. The labelled transition system (LTS) over untyped
processes is defined in Figure 5. We write $P_1 \xrightarrow{\ell} P_2$ with the usual meaning. The rules
are standard [27,26]. An application requires a silent step τ to substitute the application
name over the application abstraction as defined in rule (App). A process with a send
prefix can interact with the environment with a send action that carries a value V as
in rule (Out). Dually, in rule (In) an input prefixed process can observe a receive action
of a value V. Select and branch prefixed processes observe the select and branch
actions in rules (Sel) and (Bra), respectively, and proceed according to the labels observed.
Rule (Res) closes the LTS under the name creation operator provided that the restricted
name does not occur free in the observable action. If a restricted name occurs free in
an output action then the name is added to the bound name list of the action and the
continuation process performs scope opening as described in rule (Scope). Rules (LPar)
and (RPar) close the LTS under the parallel operator provided that the observable action
does not share any bound names with the parallel processes. Rule (Tau) states that if
two parallel processes can perform dual actions then the two actions can synchronise to
observe an internal transition. Finally, rule (Alpha) closes the LTS under alpha-renaming
and rule (Rec) handles recursion unfolding.

4.2 Environmental Labelled Transition System 

Figure 6 defines a labelled transition relation between a triple of environments, denoted
$(\Gamma_1, \Lambda_1, \Delta_1) \xrightarrow{\ell} (\Gamma_2, \Lambda_2, \Delta_2)$. It extends the transition systems in [27,26] to higher-order
sessions.

Input Actions are defined by [SRv] and [ShRv] ($n$ session or shared name respectively
$n?\langle V\rangle$). We require the value V has the same type as name $s$ and $a$, respectively.
Furthermore we expect the resulting type tuple to contain the values that consist with value

Fig. 6 Labelled Transition Semantics for Typed Environments.


[SRv] 


i^dom(/l) r-,A'-,A'i-V>U 


s?(V> 

(r;A-A ■ s :?(t/);S) ^ (r;A-A';A-A'-s: S) 
r-M%ha>{U) r;A’;A’\-V>U 


[ShRv] 


a?(V> 

(r;A;A) ^ (r;A-A’ ;A ■ A’) 


[SSnd] 


[ShSnd] 


i ^ dom(zl) r ■ r'^A'',A'h V>U m = 
r'-Q-Ait-mi>Ui r'-Q-A'.\-mi>U'. A'cA (Ai\U;di) C (A • j : S) 

(v m)s\{V) 

(r-A;A-s:\(U);S) -U (F■ r;A\A';(A ■ s : S 

r ■ r’■ a\{U)\A'\A'y >U m = mi...m„ 
r'-Q-Ait-mi>Ui r'-Q-A'\-mi>Ui A'QA (Ai\\JiAi)cA 


(v m)a\{V) 

(r-a:(U);A-A) -U (F■ T ■ a : (U};A\A’-(A-IJiA'AXA’) 


[Sel] 


i i dom(zl) ye/ 


S® 1 ; 


[Bra] 


(r;A;d • ^ : ©{/,■: 5,lfe/) ^ (r;A;A • i : 5y) 
S i dom(A) ye/ 

sSilj 

(F-A\A ■ s : &{/,■ : Life/) ^ (r;A;A • 5 : 5y) 
A 1 —> A2V Ai = A2 


[Tau] 


(r;A;Ai)^(r;A;A2) 


V. The condition $\overline{s} \notin \mathrm{dom}(\Delta)$ in [SRv] ensures that the dual name $\overline{s}$ should not be present
in the session environment, since if it were present the only communication that could
take place is the interaction between the two endpoints (using [Tau] below).


Output Actions are defined by [SSnd] and [ShSnd]. Rule [SSnd] states the conditions for
observing action $(\nu\,\tilde{m})\, s!\langle V\rangle$ on a type tuple $(\Gamma, \Lambda, \Delta \cdot s : S)$. The session environment Δ
with $s : S$ should include the session environment of sent value V, excluding the session
environments of the names $m_j$ in $\tilde{m}$ which restrict the scope of value V. Similarly the
linear variable environment $\Lambda'$ of V should be included in Λ. Scope extrusion of session
names in $\tilde{m}$ requires that the dual endpoints of $\tilde{m}$ appear in the resulting session
environment. Similarly for shared names in $\tilde{m}$ that are extruded. All free values used for typing
V are subtracted from the resulting type tuple. The prefix of session $s$ is consumed by
the action. Similarly, an output on a shared name is described by rule [ShSnd] where we
require that the name is typed with $\langle U\rangle$. Conditions for the output V are identical to
those for rule [SSnd]. We sometimes annotate the output action $(\nu\,\tilde{m})\, n!\langle V\rangle$ with the type
of V as $(\nu\,\tilde{m})\, n!\langle V : U\rangle$.
Other Actions. Rules [Sel] and [Bra] describe actions for select and branch. The only
requirements for both rules are that the dual endpoint is not present in the session
environment and the action labels are present in the type. Hidden transitions defined by
rule [Tau] do not change the session environment or they follow the reduction on session
environments (Definition 3.6).

Proposition 4.1 (Environment Transition Weakening). Consider the LTS for typing.
If $(\Gamma_1; \Lambda_1; \Delta_1) \xrightarrow{\ell} (\Gamma_2; \Lambda_2; \Delta_2)$ then $(\Gamma_2; \Lambda_1; \Delta_1) \xrightarrow{\ell} (\Gamma_2; \Lambda_2; \Delta_2)$.

Proof. The proof is by case analysis on the definition of $\xrightarrow{\ell}$, exploiting the structural
properties (in particular, weakening) of shared environment $\Gamma$ (cf. Definition 3.4). □


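As a direct consequence of Proposition 4.1, we can always make an observation on
a type environment without observing a change in the shared environment.

Typed Transition System. We define a typed labelled transition system over typed
processes, as a combination of the untyped LTS and the LTS for typed environments:

Definition 4.1 (Typed Transition System). We write $\Gamma; \Delta_1 \vdash P_1 \xrightarrow{\ell} \Delta_2 \vdash P_2$ whenever
$P_1 \xrightarrow{\ell} P_2$, $(\Gamma, \emptyset, \Delta_1) \xrightarrow{\ell} (\Gamma, \emptyset, \Delta_2)$ and $\Gamma; \emptyset; \Delta_2 \vdash P_2 \triangleright \diamond$.

We extend to $\Longrightarrow$ and $\stackrel{\hat{\ell}}{\Longrightarrow}$ where we write $\Longrightarrow$ for the reflexive and transitive closure
of $\xrightarrow{\tau}$, $\stackrel{\ell}{\Longrightarrow}$ for the transitions $\Longrightarrow \xrightarrow{\ell} \Longrightarrow$ and $\stackrel{\hat{\ell}}{\Longrightarrow}$ for $\stackrel{\ell}{\Longrightarrow}$ if $\ell \neq \tau$ otherwise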


4.3 Reduction-Closed, Barbed Congruence 


Equivalent processes require a notion of session type confluence, defined over session
environments $\Delta$, following Definition 3.6.

Definition 4.2 (Session Environment Confluence). We denote $\Delta_1 \rightleftharpoons \Delta_2$ whenever $\exists \Delta$
such that $\Delta_1 \longrightarrow^{*} \Delta$ and $\Delta_2 \longrightarrow^{*} \Delta$.


We define the notion of typed relation over typed processes; it includes properties
common to all the equivalence relations that we are going to define:

Definition 4.3 (Typed Relation). We say that $\Gamma; \emptyset; \Delta_1 \vdash P_1 \triangleright \diamond \;\Re\; \Gamma; \emptyset; \Delta_2 \vdash P_2 \triangleright \diamond$ is a
typed relation whenever:

i) $P_1$ and $P_2$ are closed processes;

ii) $\Delta_1$ and $\Delta_2$ are balanced; and

iii) $\Delta_1 \rightleftharpoons \Delta_2$.

We write $\Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2 \vdash P_2$ for $\Gamma; \emptyset; \Delta_1 \vdash P_1 \triangleright \diamond \;\Re\; \Gamma; \emptyset; \Delta_2 \vdash P_2 \triangleright \diamond$.

Typed relations relate only closed processes (i.e., processes with no free variables)
with balanced session environments, and the two session environments are confluent.
We define the notions of barb and typed barb:
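Definition 4.4 (Barbs). Let $P$ be a closed process.

1. We write $P \downarrow_n$ if $P \equiv (\nu \tilde{m})(n!\langle V \rangle.P_2 \mid P_3)$, $n \notin \tilde{m}$. We write $P \Downarrow_n$ if $P$ —

2. We write $\Gamma; \emptyset; \Delta \vdash P \downarrow_n$ if $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ with $P \downarrow_n$ and $\bar{n} \notin \Delta$. We write $\Gamma; \emptyset; \Delta \vdash P \Downarrow_n$
if $P \longrightarrow^{*} P'$ and $\Gamma; \emptyset; \Delta' \vdash P' \downarrow_n$.

A barb $\downarrow_n$ is an observable on an output prefix with subject $n$. Similarly, a weak barb $\Downarrow_n$
is a barb after a number of reduction steps. Typed barbs $\downarrow_n$ (resp. $\Downarrow_n$) occur on typed
processes $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ where we require that whenever $n$ is a session name, then the
corresponding dual endpoint $\bar{n}$ is not present in the session type $\Delta$.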

To define a congruence relation we define the notion of the context C: 

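Definition 4.5 (Context). A context $C$ is defined on the grammar:

$$\begin{array}{rcl} C & ::= & - \;\mid\; u!\langle V \rangle.C \;\mid\; u!\langle \lambda x.C \rangle.P \;\mid\; u?(x).C \;\mid\; \mu X.C \;\mid\; (\lambda x.C)u \\ & \mid & (\nu n)C \;\mid\; C \mid P \;\mid\; P \mid C \;\mid\; u \triangleleft l.C \;\mid\; k \triangleright \{l_1 : P_1, \cdots, l_i : C, \cdots, l_n : P_n\} \end{array}$$

Notation $C[P]$ replaces every hole $-$ in $C$ with $P$.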

A context is a function that takes a process and returns a new process according to the 
above syntax. 

The first behavioural relation we define is reduction-closed, barbed congruence: 

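Definition 4.6 (Reduction-closed, Barbed Congruence). Typed relation $\Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2 \vdash P_2$
is a barbed congruence whenever:

1. - If $P_1 \longrightarrow P_1'$ then there exist $P_2', \Delta_2'$ such that $P_2 \longrightarrow^{*} P_2'$ and $\Gamma; \Delta_1' \vdash P_1' \;\Re\; \Delta_2' \vdash P_2'$

   - If $P_2 \longrightarrow P_2'$ then there exist $P_1', \Delta_1'$ such that $P_1 \longrightarrow^{*} P_1'$ and $\Gamma; \Delta_1' \vdash P_1' \;\Re\; \Delta_2' \vdash P_2'$

2. - If $\Gamma; \emptyset; \Delta_1 \vdash P_1 \downarrow_s$ then $\Gamma; \emptyset; \Delta_2 \vdash P_2 \Downarrow_s$.

   - If $\Gamma; \emptyset; \Delta_2 \vdash P_2 \downarrow_s$ then $\Gamma; \emptyset; \Delta_1 \vdash P_1 \Downarrow_s$.

3. For all $C$, there exist $\Delta_1'', \Delta_2''$ such that $\Gamma; \Delta_1'' \vdash C[P_1] \;\Re\; \Delta_2'' \vdash C[P_2]$

The largest such congruence is denoted with $\cong$.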

Reduction-closed, barbed congruence is closed under reduction semantics and pre¬ 
serves barbs under any context, i.e., no barb observer can distinguish between two 
related processes. 


4.4 Context Bisimulation 


The second behavioural relation we define is the labelled characterisation of reduction-closed,
barbed congruence, called context bisimulation [46]:

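Definition 4.7 (Context Bisimulation). Typed relation $\Re$ is a context bisimulation if
for all $\Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2 \vdash Q_1$,

1. Whenever $\Gamma; \Delta_1 \vdash P_1 \xrightarrow{(\nu \tilde{m}_1) n!\langle V_1 \rangle} \Delta_1' \vdash P_2$ there exist $Q_2$, $V_2$, and $\Delta_2'$ such that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{(\nu \tilde{m}_2) n!\langle V_2 \rangle}{\Longrightarrow} \Delta_2' \vdash Q_2$

   and $\forall R$ with $\{x\} = \mathrm{fv}(R)$, then

   $\Gamma; \Delta_1'' \vdash (\nu \tilde{m}_1)(P_2 \mid R\{V_1/x\}) \;\Re\; \Delta_2'' \vdash (\nu \tilde{m}_2)(Q_2 \mid R\{V_2/x\})$.

2. For all $\Gamma; \Delta_1 \vdash P_1 \xrightarrow{\ell} \Delta_1' \vdash P_2$ such that $\ell \neq (\nu \tilde{m}) n!\langle V \rangle$, there exist $Q_2$ and $\Delta_2'$ such
that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{\hat{\ell}}{\Longrightarrow} \Delta_2' \vdash Q_2$

   and $\Gamma; \Delta_1' \vdash P_2 \;\Re\; \Delta_2' \vdash Q_2$.

3. The symmetric cases of 1 and 2.

The Knaster-Tarski theorem ensures that the largest context bisimulation exists; it is
called context bisimilarity and is denoted by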


4.5 Higher-Order Bisimulation and Characteristic Bisimulation 

In the general case, contextual bisimulation is a hard relation to compute due to:

i) the universal quantifier over contexts in the output case (Clause 1 in Definition 4.7);
and

ii) a higher-order input prefix can observe infinitely many different input actions, since
infinitely many different processes can match the session type of an input prefix.

To reduce the burden of the contextual bisimulation we take the following two steps:

(a) we replace Clause 1 in Definition 4.7 with a clause involving a more tractable process
closure; and

(b) we refine the transition rule for input in the LTS so as to define a bisimulation relation
without observing infinitely many actions on the same input prefix.


Trigger Processes with Session Communication. Concerning (a), we exploit session
types. First observe that closure $R\{V/x\}$ in Clause 1 in Definition 4.7 is context bisimilar
to the process:

$$P = (\nu s)((\lambda z.z?(x).R)\, s \mid \bar{s}!\langle V \rangle.\mathbf{0}) \qquad (1)$$

In fact, $P$ is context bisimilar to $R\{V/x\}$, since application and session transitions are
deterministic. Now let us consider process $T_V$ below, where $t$ is a fresh name:

$$T_V = t?(x).(\nu s)(x\, s \mid \bar{s}!\langle V \rangle.\mathbf{0}) \qquad (2)$$

Process $T_V$ can input the class of abstractions $\lambda z.z?(x).R$ and can simulate the closure
of (1):

$$T_V \xrightarrow{t?\langle \lambda z.z?(x).R \rangle} \xrightarrow{\tau} \xrightarrow{\tau} R\{V/x\} \qquad (3)$$

Processes such as $T_V$ input a value at a fresh name; we will use this class of trigger
processes to define a refined bisimilarity without the demanding output Clause 1 in
Definition 4.7. Given a fresh name $t$, we write:

$$t \hookleftarrow V = t?(x).(\nu s)(x\, s \mid \bar{s}!\langle V \rangle.\mathbf{0})$$

We note that in contrast to previous approaches [50, 22] our trigger processes do not use
recursion or replication. This is crucial to preserve linearity of session names.
Characteristic Processes and Values. Concerning point (b), we limit the possible input
abstractions $\lambda x.P$ by exploiting session types. We introduce the key concept of characteristic
process/value, which is the simplest process/value that can inhabit a type. As an
example, consider $S = ?(S_1 \to \diamond); !\langle S_2 \rangle; \mathsf{end}$. Type $S$ is a session type that first inputs an
abstraction (from type $S_1$ to a process), then outputs a value of type $S_2$, and terminates.
Then, the following process:

$$Q = u?(x).(u!\langle s_2 \rangle.\mathbf{0} \mid x\, s_1)$$

is a characteristic process for $S$ along name $u$. In fact, it is easy to see that $Q$ is well-typed
by session type $S$. The following definition formalizes this intuition.

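Definition 4.8 (Characteristic Process). Let name $u$ and type $U$. Then we define the
characteristic process $[U]^u$ and the characteristic value $[U]_c$ as:

$$\begin{array}{rcl}
[?(U);S]^u & \stackrel{\mathrm{def}}{=} & u?(x).([S]^u \mid [U]^x) \\
[\oplus\{l : S\}]^u & \stackrel{\mathrm{def}}{=} & u \triangleleft l.[S]^u \\
[\&\{l_i : S_i\}_{i \in I}]^u & \stackrel{\mathrm{def}}{=} & u \triangleright \{l_i : [S_i]^u\}_{i \in I} \\
[\mu t.S]^u & \stackrel{\mathrm{def}}{=} & \mu X_t.[S]^u \\
[\mathsf{end}]^u & \stackrel{\mathrm{def}}{=} & \mathbf{0} \\
[\langle S \rangle]^u & \stackrel{\mathrm{def}}{=} & u!\langle [S]_c \rangle.\mathbf{0} \\
[C \to \diamond]^x = [C \multimap \diamond]^x & \stackrel{\mathrm{def}}{=} & x\, [C]_c \\
[S]_c & \stackrel{\mathrm{def}}{=} & s \quad (s \text{ fresh}) \\
[\langle S \rangle]_c = [\langle L \rangle]_c & \stackrel{\mathrm{def}}{=} & a \quad (a \text{ fresh}) \\
[C \to \diamond]_c = [C \multimap \diamond]_c & \stackrel{\mathrm{def}}{=} & \lambda x.[C]^x
\end{array}$$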


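Proposition 4.2. Characteristic processes and values are inhabitants of their associated
type:

• $\Gamma; \emptyset; \Delta \cdot u : S \vdash [S]^u \triangleright \diamond$

• $U = \langle S \rangle$ or $U = \langle L \rangle$ implies $\Gamma \cdot u : U; \emptyset; \Delta \vdash [U]^u \triangleright \diamond$

• $\Gamma; \emptyset; \Delta \vdash [U]_c \triangleright U$

Proof. By induction on the definition of $[S]^u$ and $[U]_c$. □

Corollary 4.1. If $\Gamma; \emptyset; \Delta \vdash [C]^u \triangleright \diamond$ then $\Gamma; \emptyset; \Delta \vdash u \triangleright C$.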


We use the characteristic value $[U]_c$ to limit input transitions. Following the same
reasoning, we can define an alternative trigger process, called characteristic
trigger process with type $U$, to replace Clause 1 in Definition 4.7:

$$t \Leftarrow V : U \stackrel{\mathrm{def}}{=} t?(x).(\nu s)([?(U); \mathsf{end}]^s \mid \bar{s}!\langle V \rangle.\mathbf{0}) \qquad (4)$$

Thus, in contrast to the trigger process in (2), the characteristic trigger process in (4)
does not involve a higher-order communication on $t$.
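The clauses of Definition 4.8 and the characteristic trigger process (4) can be run mechanically; the following Python generator is an added example, not code from the paper. The tuple encoding of types, the fresh-name supply (`s1`, `a1`, `x1`, ...), the `~s` rendering of a dual endpoint, and the clauses for output types and type variables (taken as `u!<[U]_c>.[S]^u` and `X_t`, the former as used by the example process Q) are assumptions of this example.

```python
from collections import namedtuple

# Constructed encoding of the type syntax (not the paper's notation).
End    = namedtuple("End", [])                 # end
Recv   = namedtuple("Recv", "payload cont")    # ?(U);S
Send   = namedtuple("Send", "payload cont")    # !<U>;S
Select = namedtuple("Select", "label cont")    # (+){l : S}
Branch = namedtuple("Branch", "branches")      # &{l_i : S_i}, tuple of (label, S)
Mu     = namedtuple("Mu", "var body")          # mu t.S
TVar   = namedtuple("TVar", "var")             # t
Shared = namedtuple("Shared", "carried")       # <S> or <L>
Arrow  = namedtuple("Arrow", "arg")            # C -> <> and C -o <>

SESSION = (End, Recv, Send, Select, Branch, Mu, TVar)


class Fresh:
    """Supply of fresh names: s1, s2, ... / a1, ... / x1, ..."""
    def __init__(self):
        self.used = {}

    def __call__(self, prefix):
        self.used[prefix] = self.used.get(prefix, 0) + 1
        return f"{prefix}{self.used[prefix]}"


def char_value(T, fresh):
    """[T]_c: the simplest value inhabiting T."""
    if isinstance(T, SESSION):
        return fresh("s")                      # [S]_c = s, s fresh
    if isinstance(T, Shared):
        return fresh("a")                      # [<S>]_c = [<L>]_c = a, a fresh
    if isinstance(T, Arrow):
        x = fresh("x")                         # [C -> <>]_c = λx.[C]^x
        return f"λ{x}.{char_process(T.arg, x, fresh)}"
    raise TypeError(T)


def char_process(T, u, fresh):
    """[T]^u: the simplest process using name u at type T."""
    if isinstance(T, End):
        return "0"
    if isinstance(T, Recv):
        x = fresh("x")
        cont = char_process(T.cont, u, fresh)
        return f"{u}?({x}).({cont} | {char_process(T.payload, x, fresh)})"
    if isinstance(T, Send):                    # assumed clause, see lead-in
        return f"{u}!<{char_value(T.payload, fresh)}>.{char_process(T.cont, u, fresh)}"
    if isinstance(T, Select):
        return f"{u}◁{T.label}.{char_process(T.cont, u, fresh)}"
    if isinstance(T, Branch):
        body = ", ".join(f"{l}: {char_process(S, u, fresh)}" for l, S in T.branches)
        return f"{u}▷{{{body}}}"
    if isinstance(T, TVar):                    # assumed clause, see lead-in
        return f"X_{T.var}"
    if isinstance(T, Mu):
        return f"μX_{T.var}.{char_process(T.body, u, fresh)}"
    if isinstance(T, Shared):
        return f"{u}!<{char_value(T.carried, fresh)}>.0"
    if isinstance(T, Arrow):                   # [C -> <>]^x = x [C]_c
        return f"{u} {char_value(T.arg, fresh)}"
    raise TypeError(T)


def char_trigger(t, V, U, fresh):
    """Equation (4): t?(x).(ν s)([?(U);end]^s | ~s!<V>.0), with ~s the dual of s."""
    x, s = fresh("x"), fresh("s")
    body = char_process(Recv(U, End()), s, fresh)
    return f"{t}?({x}).(ν{s})({body} | ~{s}!<{V}>.0)"


# S = ?(S1 -> <>); !<S2>; end from the text, with S1 = S2 = end (constructed).
S_EXAMPLE = Recv(Arrow(End()), Send(End(), End()))

if __name__ == "__main__":
    print(char_process(S_EXAMPLE, "u", Fresh()))
    print(char_trigger("t", "V", Arrow(End()), Fresh()))
```

Up to the choice of fresh names, the first printed process is the process Q given above for S.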

To refine the input transition system, we need to observe an additional value:

$$\lambda x.t?(y).(y\, x)$$

called the trigger value. This is necessary, because it turns out that a characteristic value
alone as the observable input is not enough to define a sound bisimulation. Roughly
speaking, the trigger value is used to observe/simulate application processes.

The intuition for usage of the trigger is demonstrated in the next example. 
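Example 4.1. First we demonstrate that observing a characteristic value input alone is
not sufficient to define a sound bisimulation closure. Consider typed processes $P_1, P_2$:

$$P_1 = s?(x).(x\, s_1 \mid x\, s_2) \qquad P_2 = s?(x).(x\, s_1 \mid s_2?(y).\mathbf{0}) \qquad (5)$$

with

$$\Gamma; \emptyset; \Delta \cdot s : ?((?(C); \mathsf{end}) \to \diamond); \mathsf{end} \vdash P_i \triangleright \diamond \quad (i \in \{1, 2\}).$$

If the above processes input and substitute over $x$ the characteristic value

$$[(?(C); \mathsf{end}) \to \diamond]_c = \lambda x.x?(y).\mathbf{0}$$

then both processes evolve into:

$$\Delta \vdash s_1?(y).\mathbf{0} \mid s_2?(y).\mathbf{0} \triangleright \diamond$$

therefore becoming context bisimilar. However, the processes in (5) are clearly not context
bisimilar; there exist many input actions which may be used to distinguish them.
For example, if $P_1$ and $P_2$ input

$$\lambda x.(\nu s)(a!\langle s \rangle.x?(y).\mathbf{0})$$

with $\Gamma; \emptyset; \Delta \vdash s \triangleright \mathsf{end}$, then their derivatives are not bisimilar.

Observing only the characteristic value results in an over-discriminating bisimulation.
However, if a trigger value, $\lambda x.t?(y).(y\, x)$, is received on $s$, then we can distinguish
processes in (5):

$$\Gamma; \Delta \vdash P_1 \stackrel{s?\langle \lambda x.t?(y).(y\, x) \rangle}{\Longrightarrow} \Delta' \vdash t?(x).(x\, s_1) \mid t?(x).(x\, s_2)$$

$$\Gamma; \Delta \vdash P_2 \stackrel{s?\langle \lambda x.t?(y).(y\, x) \rangle}{\Longrightarrow} \Delta'' \vdash t?(x).(x\, s_1) \mid s_2?(y).\mathbf{0}$$

One question that arises here is whether the trigger value is enough to distinguish
two processes, hence no need of characteristic values as the input. This is not the case
since the trigger value alone also results in an over-discriminating bisimulation relation.
In fact the trigger value can be observed on any input prefix of any type. For example,
consider the following processes:

$$\Gamma; \emptyset; \Delta \vdash (\nu s)(n?(x).(x\, s) \mid \bar{s}!\langle \lambda x.P \rangle.\mathbf{0}) \triangleright \diamond \qquad (6)$$

$$\Gamma; \emptyset; \Delta \vdash (\nu s)(n?(x).(x\, s) \mid \bar{s}!\langle \lambda x.Q \rangle.\mathbf{0}) \triangleright \diamond \qquad (7)$$

If processes in (6)/(7) input the trigger value, we obtain processes:

$$\Gamma; \emptyset; \Delta' \vdash (\nu s)(t?(x).(x\, s) \mid \bar{s}!\langle \lambda x.P \rangle.\mathbf{0}) \triangleright \diamond$$

$$\Gamma; \emptyset; \Delta' \vdash (\nu s)(t?(x).(x\, s) \mid \bar{s}!\langle \lambda x.Q \rangle.\mathbf{0}) \triangleright \diamond$$

thus we can easily derive a bisimulation closure if we assume a bisimulation definition
that allows only trigger value input.

But if processes in (6)/(7) input the characteristic value $\lambda z.z?(x).(x\, m)$, then they
would become:

$$\Gamma; \emptyset; \Delta \vdash (\nu s)(s?(x).(x\, m) \mid \bar{s}!\langle \lambda x.P \rangle.\mathbf{0}) \approx \Delta \vdash P\{m/x\}$$

$$\Gamma; \emptyset; \Delta \vdash (\nu s)(s?(x).(x\, m) \mid \bar{s}!\langle \lambda x.Q \rangle.\mathbf{0}) \approx \Delta \vdash Q\{m/x\}$$

which are not bisimilar if $P\{m/x\}$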
We now define the refined typed LTS. The new LTS is defined by considering a transition
rule for input in which admitted values are trigger or characteristic values. We
formalise the restricted input action with the definition of a new environment transition
relation:

$$(\Gamma_1; \Lambda_1; \Delta_1) \stackrel{\ell}{\longmapsto} (\Gamma_2; \Lambda_2; \Delta_2)$$

The new rule is defined on top of the rules of the environment LTS.

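Definition 4.9 (Refined Input Environment LTS).

$$[\mathrm{RRv}] \quad \frac{(\Gamma_1; \Lambda_1; \Delta_1) \xrightarrow{n?\langle V \rangle} (\Gamma_2; \Lambda_2; \Delta_2) \qquad (V \equiv \lambda z.t?(x).(x\, z) \wedge t \text{ fresh}) \vee (V \equiv [U]_c)}{(\Gamma_1; \Lambda_1; \Delta_1) \stackrel{n?\langle V \rangle}{\longmapsto} (\Gamma_2; \Lambda_2; \Delta_2)}$$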

Rule [RRv] refines the input action to carry only a characteristic value (fresh name or
abstraction) or a trigger value on a fresh name $t$. This rule is defined on top of rules [SRv]
and [ShRv]. The new environment transition system $\stackrel{\ell}{\longmapsto}$ uses rule [RRv]
as input rule. All other defining cases of the environment LTS $\xrightarrow{\ell}$ remain the same.

The new typed relation derived from the $\stackrel{\ell}{\longmapsto}$ environment LTS is defined as:


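Definition 4.10 (Restricted Typed Transition). We write $\Gamma; \Delta_1 \vdash P_1 \stackrel{\ell}{\longmapsto} \Delta_2 \vdash P_2$ whenever
$P_1 \xrightarrow{\ell} P_2$, $(\Gamma, \emptyset, \Delta_1) \stackrel{\ell}{\longmapsto} (\Gamma, \emptyset, \Delta_2)$ and $\Gamma; \emptyset; \Delta_2 \vdash P_2 \triangleright \diamond$.

We extend to $\Longmapsto$ and $\stackrel{\hat{\ell}}{\Longmapsto}$ in the standard way.

Lemma 4.1 (Invariant). If $\Gamma; \Delta_1 \vdash P_1 \stackrel{\ell}{\longmapsto} \Delta_2 \vdash P_2$ then $\Gamma; \Delta_1 \vdash P_1 \xrightarrow{\ell} \Delta_2 \vdash P_2$.

Proof. The proof is straightforward from the definition of rule [RRv].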


The next definition formalises the notion of a trigger process. 

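Definition 4.11 (Trigger Process). Let $t$, $V$, and $U$ be a name, a value, and a type,
respectively. We have:

Trigger Process: $t \hookleftarrow V \stackrel{\mathrm{def}}{=} t?(x).(\nu s)(x\, s \mid \bar{s}!\langle V \rangle.\mathbf{0})$

Characteristic Trigger Process: $t \Leftarrow V : U \stackrel{\mathrm{def}}{=} t?(x).(\nu s)([?(U); \mathsf{end}]^s \mid \bar{s}!\langle V \rangle.\mathbf{0})$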


The Two Bisimulations. We now define higher-order bisimulation, a more tractable
bisimulation for HO and HO$\pi$. The two bisimulations differ in that they use
different trigger processes: $t \hookleftarrow V$ and $t \Leftarrow V : U$.

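Definition 4.12 (Higher-Order Bisimulation). Typed relation $\Re$ is a higher-order
bisimulation if for all $\Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2 \vdash Q_1$,

1. Whenever $\Gamma; \Delta_1 \vdash P_1 \stackrel{(\nu \tilde{m}_1) n!\langle V_1 \rangle}{\longmapsto} \Delta_1' \vdash P_2$ there exist $Q_2$, $V_2$, $\Delta_2'$ such that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{(\nu \tilde{m}_2) n!\langle V_2 \rangle}{\Longmapsto} \Delta_2' \vdash Q_2$

   and, for a fresh $t$,

   $\Gamma; \Delta_1'' \vdash (\nu \tilde{m}_1)(P_2 \mid t \hookleftarrow V_1) \;\Re\; \Delta_2'' \vdash (\nu \tilde{m}_2)(Q_2 \mid t \hookleftarrow V_2)$.

2. For all $\Gamma; \Delta_1 \vdash P_1 \stackrel{\ell}{\longmapsto} \Delta_1' \vdash P_2$ such that $\ell \neq (\nu \tilde{m}) n!\langle V \rangle$, there exist $Q_2$ and $\Delta_2'$ such
that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{\hat{\ell}}{\Longmapsto} \Delta_2' \vdash Q_2$

   and $\Gamma; \Delta_1' \vdash P_2 \;\Re\; \Delta_2' \vdash Q_2$.

3. The symmetric cases of 1 and 2.

The Knaster-Tarski theorem ensures that the largest higher-order bisimulation exists; it
is called higher-order bisimilarity and is denoted by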


The higher-order bisimulation definition uses higher-order input-guarded triggers, thus
it cannot be used as an equivalence relation for the $\pi$ sub-calculus. An alternative definition
of the bisimulation, based on characteristic output triggers, solves this problem.


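Definition 4.13 (Characteristic Bisimulation). Typed relation $\Re$ is a characteristic
bisimulation if, whenever $\Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2 \vdash Q_1$, the following hold:

1. Whenever $\Gamma; \Delta_1 \vdash P_1 \stackrel{(\nu \tilde{m}_1) n!\langle V_1 : U \rangle}{\longmapsto} \Delta_1' \vdash P_2$ there exist $Q_2$, $V_2$, and $\Delta_2'$ such that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{(\nu \tilde{m}_2) n!\langle V_2 : U \rangle}{\Longmapsto} \Delta_2' \vdash Q_2$

   and, for a fresh $t$,

   $\Gamma; \Delta_1'' \vdash (\nu \tilde{m}_1)(P_2 \mid t \Leftarrow V_1 : U) \;\Re\; \Delta_2'' \vdash (\nu \tilde{m}_2)(Q_2 \mid t \Leftarrow V_2 : U)$.

2. For all $\Gamma; \Delta_1 \vdash P_1 \stackrel{\ell}{\longmapsto} \Delta_1' \vdash P_2$ such that $\ell \neq (\nu \tilde{m}) n!\langle V \rangle$, there exist $Q_2$ and $\Delta_2'$ such
that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{\hat{\ell}}{\Longmapsto} \Delta_2' \vdash Q_2$

   and $\Gamma; \Delta_1' \vdash P_2 \;\Re\; \Delta_2' \vdash Q_2$.

3. The symmetric cases of 1 and 2.

The Knaster-Tarski theorem ensures that the largest bisimulation exists; it is called
characteristic bisimilarity and is denoted by $\approx^{C}$.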

The next result clarifies our choice of restricting higher-order input actions with
input triggers and characteristic processes: if two processes $P$ and $Q$ are bisimilar under
the substitution of the characteristic abstraction and the trigger input, then $P$ and $Q$ are
bisimilar under any abstraction substitution.

Lemma 4.2 (Process Substitution). If

1 . h P{^z-^?(>')-Cyz)/x) ZI 2 F Q{-^^-t"^(y)-(yz)/x}, for some fresh t. 

2. r-A'{ h P{l'Ulclx} zl" h Q{l'Ulclx}, for some U. 

then 'iR such that fv(/?) = z 

r;zli I- P{^z.Rlx} A2 F 


Proof. The details of the proof can be found in Lemma B.3 (Page 58). □

We now state our main theorem: typed bisimilarities collapse. The following the¬ 
orem justifies our choices for the bisimulation relations, since they coincide between 
them and they also coincide with reduction closed, barbed congruence. 

Theorem 4.1 (Coincidence). Relations and $\cong$ coincide.


Proof. The full details of the proof are in Appendix B.1. There, the proof is split into a
series of lemmas:

- Lemma B.1 establishes
- Lemma B.4 exploits the process substitution result (Lemma 4.2) to prove that
- Lemma B.5 shows that is a congruence which implies
- Lemma B.8 shows that $\cong \subseteq \approx^{H}$, using the technique developed in IfTSl.

The formulation of input triggers in the bisimulation relation allows us to prove the
latter result without using a matching operator. □


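We now define internal deterministic transitions as those associated to session
synchronizations or to $\beta$-reductions:

Definition 4.14 (Deterministic Transition). Let $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ be a balanced HO$\pi$ process.
Transition $\Gamma; \Delta \vdash P \stackrel{\tau}{\longmapsto} \Delta' \vdash P'$ is called:

- Session transition whenever the untyped transition $P \xrightarrow{\tau} P'$ is derived using rule $\langle$Tau$\rangle$
(where $\mathrm{subj}(\ell_1)$ and $\mathrm{subj}(\ell_2)$ in the premise are dual endpoints), possibly followed
by uses of $\langle$Alpha$\rangle$, $\langle$Res$\rangle$, $\langle$Rec$\rangle$, or $\langle$Par$_L\rangle$/$\langle$Par$_R\rangle$.

- $\beta$-transition whenever the untyped transition $P \xrightarrow{\tau} P'$ is derived using rule $\langle$App$\rangle$,
possibly followed by uses of $\langle$Alpha$\rangle$, $\langle$Res$\rangle$, $\langle$Rec$\rangle$, or $\langle$Par$_L\rangle$/$\langle$Par$_R\rangle$.

We write $\Gamma; \Delta \vdash P \stackrel{\tau_s}{\longmapsto} \Delta' \vdash P'$ and $\Gamma; \Delta \vdash P \stackrel{\tau_\beta}{\longmapsto} \Delta' \vdash P'$ to denote session and $\beta$-transitions,
resp. Also, $\Gamma; \Delta \vdash P \stackrel{\tau_d}{\longmapsto} \Delta' \vdash P'$ denotes either a session transition or a $\beta$-transition.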


Deterministic transitions imply the $\tau$-inertness property, which is a property that
ensures behavioural invariance on deterministic transitions.

Proposition 4.3 ($\tau$-inertness). Let $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ be a balanced HO$\pi$ process. Then
- r-,A\- P^ A' ^ P' implies r-,A F P zl' F P'. 
- r-, A \-P ^ A' \r P' implies r-,A i-P A'P'.


Proof. The proof for Part 1 relies on the fact that processes of the
form $\Gamma; \emptyset; \Delta \vdash s!\langle V \rangle.P_1 \mid \bar{s}?(x).P_2$ cannot have any typed transition observables (for both
$s$ and $\bar{s}$ are defined in $\Delta$) and the fact that bisimulation is a congruence. See details in
Appendix B.2 (Page 70). The proof for Part 2 is straightforward from Part 1. □

Processes that do not use shared names are inherently deterministic, and so they 
enjoy j-inertness (in the sense of El). 

Corollary 4.2 (C“®'^ r-inertness). Let r\%',A \- P>o be an process. 

- r, A \- P^ A’ h P' if and only ifP^A I- P Zl' h P'. 

- r-,A P A' P' implies r-,A P A' P'. 


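Lemma 4.3 (Up-to Deterministic Transition). Let $\Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2 \vdash Q_1$ such that if
whenever:

1. $\forall (\nu \tilde{m}_1) n!\langle V_1 \rangle$ such that $\Gamma; \Delta_1 \vdash P_1 \stackrel{(\nu \tilde{m}_1) n!\langle V_1 \rangle}{\longmapsto} \Delta_3 \vdash P_3$ implies that $\exists Q_2, V_2$ such that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{(\nu \tilde{m}_2) n!\langle V_2 \rangle}{\Longmapsto} \Delta_2' \vdash Q_2$

   and

   $\Gamma; \Delta_3 \vdash P_3 \stackrel{\tau_d}{\Longmapsto} \Delta_1' \vdash P_2$

   and for fresh $t$:

   $\Gamma; \Delta_1'' \vdash (\nu \tilde{m}_1)(P_2 \mid t \hookleftarrow V_1) \;\Re\; \Delta_2'' \vdash (\nu \tilde{m}_2)(Q_2 \mid t \hookleftarrow V_2)$

2. $\forall \ell \neq (\nu \tilde{m}) n!\langle V \rangle$ such that $\Gamma; \Delta_1 \vdash P_1 \stackrel{\ell}{\longmapsto} \Delta_3 \vdash P_3$ implies that $\exists Q_2$ such that

   $\Gamma; \Delta_2 \vdash Q_1 \stackrel{\hat{\ell}}{\Longmapsto} \Delta_2' \vdash Q_2$

   and

   $\Gamma; \Delta_3 \vdash P_3 \stackrel{\tau_d}{\Longmapsto} \Delta_1' \vdash P_2$

   and $\Gamma; \Delta_1' \vdash P_2 \;\Re\; \Delta_2' \vdash Q_2$

3. The symmetric cases of 1 and 2.

Then $\Re$

Proof. The proof is easy by considering the closure

$$\Re' = \{\Gamma; \Delta_1' \vdash P_2, \Delta_2' \vdash Q_1 \;\mid\; \Gamma; \Delta_1 \vdash P_1 \;\Re\; \Delta_2' \vdash Q_1,\; \Gamma; \Delta_1 \vdash P_1 \stackrel{\tau_d}{\Longmapsto} \Delta_1' \vdash P_2\}$$

We verify that $\Re'$ is a bisimulation with the use of Proposition 4.3. □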
5 Typed Encodings

This section defines the formal notion of encoding, extending to a typed setting existing
criteria for untyped processes (as in, e.g., [36, 37, 38, 16, 28, 54]). We first define a typed
calculus parameterised by a syntax, operational semantics, and typing.

Definition 5.1 (Typed Calculus). A typed calculus $\mathcal{L}$ is a tuple:

$$\langle \mathsf{C}, \mathcal{T}, \longmapsto, \approx, \vdash \rangle$$

where $\mathsf{C}$ and $\mathcal{T}$ are sets of processes and types, respectively; and $\longmapsto$, $\approx$, and $\vdash$ denote
a transition system, a typed equivalence, and a typing system for $\mathsf{C}$, respectively.

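Our notion of encoding considers a mapping on processes, types, and transition labels.

Definition 5.2 (Typed Encoding). Let $\mathcal{L}_i = \langle \mathsf{C}_i, \mathcal{T}_i, \longmapsto_i, \approx_i, \vdash_i \rangle$ $(i = 1, 2)$ be typed calculi,
and let $\mathcal{A}_i$ be the set of labels used in relation $\stackrel{\ell}{\longmapsto}_i$. Given mappings $[\![\cdot]\!] : \mathsf{C}_1 \to \mathsf{C}_2$,
$(\!\langle \cdot \rangle\!) : \mathcal{T}_1 \to \mathcal{T}_2$, and $\{|\cdot|\} : \mathcal{A}_1 \to \mathcal{A}_2$, we write $\langle [\![\cdot]\!], (\!\langle \cdot \rangle\!), \{|\cdot|\} \rangle : \mathcal{L}_1 \to \mathcal{L}_2$ to denote the typed
encoding of $\mathcal{L}_1$ into $\mathcal{L}_2$.

We will often assume that $(\!\langle \cdot \rangle\!)$ extends to typing environments as expected. This way,
e.g., $(\!\langle \Delta \cdot u : S \rangle\!) = (\!\langle \Delta \rangle\!) \cdot u : (\!\langle S \rangle\!)$.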

We introduce two classes of typed encodings, which serve different purposes. Both
consist of syntactic and semantic criteria proposed for untyped processes [37, 16, 28],
here extended to account for (higher-order) session types. First, for stating stronger
positive encodability results, we define the notion of precise encodings. Then, with the
aim of proving strong non-encodability results, precise encodings are relaxed into the
weaker minimal encodings.

We first state the syntactic criteria. Let $\sigma$ denote a substitution of names for names
(a renaming, in the usual sense). Given environments $\Delta$ and $\Gamma$, we write $\sigma(\Delta)$ and $\sigma(\Gamma)$
to denote the effect of applying $\sigma$ on the domains of $\Delta$ and $\Gamma$ (clearly, $\sigma(\Gamma)$ concerns
only shared names in $\Gamma$: process and recursion variables in $\Gamma$ are not affected by $\sigma$).

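Definition 5.3 (Syntax Preserving Encoding). We say that the typed encoding $\langle [\![\cdot]\!], (\!\langle \cdot \rangle\!), \{|\cdot|\} \rangle :
\mathcal{L}_1 \to \mathcal{L}_2$ is syntax preserving if it is:

1. Homomorphic wrt parallel, if $(\!\langle \Gamma \rangle\!); \emptyset; (\!\langle \Delta_1 \cdot \Delta_2 \rangle\!) \vdash_1 [\![P_1 \mid P_2]\!] \triangleright \diamond$ then
$(\!\langle \Gamma \rangle\!); \emptyset; (\!\langle \Delta_1 \rangle\!) \cdot (\!\langle \Delta_2 \rangle\!) \vdash_2 [\![P_1]\!] \mid [\![P_2]\!] \triangleright \diamond$.

2. Compositional wrt restriction, if $(\!\langle \Gamma \rangle\!); \emptyset; (\!\langle \Delta \rangle\!) \vdash_1 [\![(\nu n)P]\!] \triangleright \diamond$ then
$(\!\langle \Gamma \rangle\!); \emptyset; (\!\langle \Delta \rangle\!) \vdash_2 (\nu n)[\![P]\!] \triangleright \diamond$.

3. Name invariant, if $(\!\langle \sigma(\Gamma) \rangle\!); \emptyset; (\!\langle \sigma(\Delta) \rangle\!) \vdash_1 [\![\sigma(P)]\!] \triangleright \diamond$ then
$\sigma((\!\langle \Gamma \rangle\!)); \emptyset; \sigma((\!\langle \Delta \rangle\!)) \vdash_2 \sigma([\![P]\!]) \triangleright \diamond$, for any injective renaming of names $\sigma$.

Homomorphism wrt parallel composition (used in, e.g., [37, 38]) expresses that encodings
should preserve the distributed topology of source processes. This criterion is
appropriate for both encodability and non-encodability results; in our setting, it admits an
elegant formulation, also induced by rules for typed composition. Compositionality wrt
restriction is also naturally supported by typing and turns out to be useful in our
encodability results (see the following section). Our name invariance criteria follows the one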
given in Next we define semantic criteria for typed encodings. 
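Definition 5.4 (Semantic Preserving Encoding). Let $\mathcal{L}_i = \langle \mathsf{C}_i, \mathcal{T}_i, \longmapsto_i, \approx_i, \vdash_i \rangle$ $(i = 1, 2)$
be typed calculi. We say that $\langle [\![\cdot]\!], (\!\langle \cdot \rangle\!), \{|\cdot|\} \rangle : \mathcal{L}_1 \to \mathcal{L}_2$ is a semantic preserving encoding
if it satisfies the properties below. Given a label $\ell \neq \tau$, we write $\mathrm{subj}(\ell)$ to denote the
subject of the action.

1. Type Preservation: if $\Gamma; \emptyset; \Delta \vdash_1 P \triangleright \diamond$ then $(\!\langle \Gamma \rangle\!); \emptyset; (\!\langle \Delta \rangle\!) \vdash_2 [\![P]\!] \triangleright \diamond$, for any $P$ in $\mathsf{C}_1$.

2. Subject preserving: if $\mathrm{subj}(\ell) = u$ then $\mathrm{subj}(\{|\ell|\}) = u$.

3. Operational Correspondence: If $\Gamma; \emptyset; \Delta \vdash_1 P \triangleright \diamond$ then

   (a) Completeness: If $\Gamma; \Delta \vdash_1 P \stackrel{\ell_1}{\longmapsto}_1 \Delta' \vdash_1 P'$ then $\exists \ell_2, Q, \Delta''$ s.t.
   (i) $(\!\langle \Gamma \rangle\!); (\!\langle \Delta \rangle\!) \vdash_2 [\![P]\!] \stackrel{\ell_2}{\Longmapsto}_2 (\!\langle \Delta'' \rangle\!) \vdash_2 Q$, (ii) $\ell_2 = \{|\ell_1|\}$, and
   (iii) $(\!\langle \Gamma \rangle\!); (\!\langle \Delta'' \rangle\!) \vdash_2 Q \approx_2 (\!\langle \Delta' \rangle\!) \vdash_2 [\![P']\!]$.

   (b) Soundness: If $(\!\langle \Gamma \rangle\!); (\!\langle \Delta \rangle\!) \vdash_2 [\![P]\!] \stackrel{\ell_2}{\Longmapsto}_2 (\!\langle \Delta'' \rangle\!) \vdash_2 Q$ then $\exists \ell_1, P', \Delta'$ s.t.
   (i) $\Gamma; \Delta \vdash_1 P \stackrel{\ell_1}{\longmapsto}_1 \Delta' \vdash_1 P'$, (ii) $\ell_2 = \{|\ell_1|\}$, and (iii) $(\!\langle \Gamma \rangle\!); (\!\langle \Delta' \rangle\!) \vdash_2 [\![P']\!] \approx_2 (\!\langle \Delta'' \rangle\!) \vdash_2 Q$.

4. Full Abstraction:
$\Gamma; \Delta_1 \vdash_1 P \approx_1 \Delta_2 \vdash_1 Q$ if and only if $(\!\langle \Gamma \rangle\!); (\!\langle \Delta_1 \rangle\!) \vdash_2 [\![P]\!] \approx_2 (\!\langle \Delta_2 \rangle\!) \vdash_2 [\![Q]\!]$.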


Type preservation is a distinguishing criterion in our notion of encoding: it enables us
to focus on encodings which retain the communication structures denoted by (session)
types. The other semantic criteria build upon analogous definitions in the untyped setting,
as we explain now. Operational correspondence, standardly divided into completeness
and soundness criteria, is based on the formulation given in [16, 28]. Soundness
ensures that the source process is mimicked by its associated encoding; completeness
concerns the opposite direction. Rather than reductions, completeness and soundness
rely on the typed LTS of Definition 4.10; labels are considered up to mapping $\{|\cdot|\}$,
which offers flexibility when comparing different subcalculi of HO$\pi$. We require that $\{|\cdot|\}$
preserves communication subjects, in accordance with the criteria in [28]. It is worth
stressing that the operational correspondence statements given in the next section for
our encodings are tailored to the specifics of each encoding, and so they are actually
stronger than the criteria given above. Finally, following [48, 38, 57], we consider full
abstraction as an encodability criterion: this results in stronger encodability results.
From the criteria in Definition 5.3 and Definition 5.4 we have the following derived
criteria:


Proposition 5.1 (Derived Criteria). Let $\langle [\![\cdot]\!], (\!\langle \cdot \rangle\!), \{|\cdot|\} \rangle : \mathcal{L}_1 \to \mathcal{L}_2$ be a typed encoding.
Suppose the encoding is both operational complete (cf. Definition 5.4-3(a)) and subject
preserving (cf. Definition 5.4-2). Then, it is also barb preserving, i.e., $\Gamma; \Delta \vdash_1 P \downarrow_n$
implies $(\!\langle \Gamma \rangle\!); (\!\langle \Delta \rangle\!) \vdash_2 [\![P]\!] \Downarrow_n$.

Proof. The proof follows from the definition of barbs, operational completeness, and
subject preservation. □

We may now define precise and minimal typed criteria: 

Definition 5.5 (Typed Encodings: Precise and Minimal). We say that the typed encoding
$\langle [\![\cdot]\!], (\!\langle \cdot \rangle\!), \{|\cdot|\} \rangle : \mathcal{L}_1 \to \mathcal{L}_2$ is

(i) precise, if it is both syntax and semantic preserving (cf. Definition 5.3 and Definition 5.4).

(ii) minimal, if it is syntax preserving (cf. Definition 5.3), and operational complete
(cf. Definition 5.4-3(a)).

Precise encodings offer more detailed criteria and are used for positive encodability
results (Section 6). In contrast, minimal encodings contain only some of the criteria of
precise encodings: this reduced notion will be used for the negative result.
Further we have:

Proposition 5.2 (Composability of Precise Encodings). 

X .2 and ■ -Cl ^ -C 3 be two precise typed encodings. Then their compo¬ 
sition, denoted o ° o : Xi ^ X 3 ii also a precise encoding. 

Proof. Straightforward application of the definition of each property, with the left-to-right
direction of full abstraction being crucial. □

In Section]^we consider the following concrete instances of typed calculi (cf. Def¬ 
inition]^]!]): 

Definition 5.6 (Concrete Typed Calculi). We define the following typed calculi: 

■ChOti - (H07r,7"i,i— 



6 Positive Expressiveness Results 

In this section we present a study of the expressiveness of HO$\pi$ and its subcalculi. We
present two encodability results:

1. The higher-order name-passing communications with recursion (HO$\pi$) into the
higher-order communication without name passing or recursion (HO) (Section 6.1).

2. HO$\pi$ into the first-order name-passing communication with recursion ($\pi$) (Section 6.2).

In each case we show that the encoding is precise.

We often omit H and C from and for simplicity of the notations. 

Remark 6.1 (Polyadic HO$\pi$). We can assume a semantic preserving encoding from the
polyadic HO$\pi$ to the monadic HO$\pi$. Polyadic HO$\pi$ assumes a polyadic extension of the
HO$\pi$ semantics that defines values as $V ::= \tilde{u} \mid \lambda \tilde{x}.P$ and input prefix as $n?(\tilde{x}).P$. See
Section 8 for the full definition of polyadic HO$\pi$.

6.1 Encoding HO$\pi$ into HO

We show that the subcalculus HO is expressive enough to represent the full HO$\pi$
calculus.

The main challenge is to encode (1) name passing and (2) recursion. Name passing
involves packing a name value as an abstraction, sending it, and then substituting on
the receiving side using a name application. The encoding of the recursion semantics is
more complex: a process is encoded as an abstraction with no free names (i.e., a shared
abstraction). We then use higher-order passing to pass the process and duplicate the
process. One copy of the process is used to reconstitute the original process and the
other is used to enable another duplicator procedure. We handle the transformation of
a process into a linear abstraction with the definition of an auxiliary mapping from
processes with free names to processes without free names (but with free variables)
(Definition 6.2). We first require an auxiliary definition:

Definition 6.1. Let $\|\cdot\| : 2^{\mathcal{N}} \to \mathcal{V}^{\omega}$ be a map of sequences of lexicographically ordered
names to sequences of variables, defined inductively as:

$$\|\epsilon\| = \epsilon \qquad \|n \cdot \tilde{m}\| = x_n \cdot \|\tilde{m}\|$$

Given a process $P$, we write $\mathrm{ofn}(P)$ to denote the sequence of free names of $P$,
lexicographically ordered.

The following auxiliary mapping transforms processes with free names into abstractions
and it is used in Definition 6.3.

Definition 6.2. Let $\sigma$ be a set of session names. Define $\lfloor\!\lfloor \cdot \rfloor\!\rfloor_{\sigma}$ : HO$\pi$ $\to$ HO$\pi$ as in
Figure 7.

Given a process $P$ with $\mathrm{fn}(P) = m_1, \cdots, m_n$, we are interested in its associated
(polyadic) abstraction, which is defined as $\lambda x_1, \cdots, x_n.\lfloor\!\lfloor P \rfloor\!\rfloor_{\emptyset}$, where $\|m_j\| = x_j$, for all
$j \in \{1, \ldots, n\}$. This transformation from processes into abstractions can be reverted by
using abstraction and application with an appropriate sequence of session names:

Proposition 6.1. Let $P$ be a HO$\pi$ process with $\tilde{n} = \mathrm{ofn}(P)$. Also, suppose $\tilde{x} = \|\tilde{n}\|$. Then
$P \equiv X\, \tilde{n}\{\lambda \tilde{x}.\lfloor\!\lfloor P \rfloor\!\rfloor_{\emptyset}/X\}$.

Proof The proof is an easy induction on the map [[Pjg. We show a case since other 
cases are similar. 

- Case: [n!(m).Pj 0 = v„!<Xm).[Pj 0 

We rewrite substitution as: xh{^^-^n'-{ym)-^P%lx] = (x„!(ym)-P){^/«) 

If consider that x„,ym 6 dlnD then from the definition of (|| ■ I) we get that n,m e h. Fur¬ 
thermore by the fact that h and (||n|[) are ordered, substitution becomes: n!{m).[[Pj| 0 {x/«). 
The rest of the cases are similar. □ 
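The auxiliary map of Figure 7 and the round trip stated in Proposition 6.1 can be exercised on a small term; the Python below is an added example, not code from the paper. The tuple encoding of processes, the `x_n` spelling of the variable for name `n`, the sample process, and the treatment of λ-bound and input-bound variables like members of σ (so that they are never renamed) are assumptions of this example.

```python
# Constructed process syntax (tuples):
#   ("nil",)                 0
#   ("par", P, Q)            P | Q
#   ("res", n, P)            (ν n)P
#   ("out", n, x, Q, P)      n!<λx.Q>.P
#   ("in", n, X, P)          n?(X).P
#   ("sel", n, l, P)         n ◁ l.P
#   ("bra", n, ((l, P),..))  n ▷ {l_i : P_i}
#   ("app", x, n)            x n
#   ("beta", x, P, n)        (λx.P) n

def walk(P, f, bound=frozenset()):
    """Rebuild P, applying f to each name occurrence that is not in `bound`."""
    g = lambda n: n if n in bound else f(n)
    tag = P[0]
    if tag == "nil":
        return P
    if tag == "par":
        return ("par", walk(P[1], f, bound), walk(P[2], f, bound))
    if tag == "res":                       # restricted name joins sigma
        return ("res", P[1], walk(P[2], f, bound | {P[1]}))
    if tag == "out":
        _, n, x, Q, cont = P
        return ("out", g(n), x, walk(Q, f, bound | {x}), walk(cont, f, bound))
    if tag == "in":
        _, n, X, cont = P
        return ("in", g(n), X, walk(cont, f, bound | {X}))
    if tag == "sel":
        _, n, l, cont = P
        return ("sel", g(n), l, walk(cont, f, bound))
    if tag == "bra":
        _, n, branches = P
        return ("bra", g(n), tuple((l, walk(Q, f, bound)) for l, Q in branches))
    if tag == "app":                       # head x is a variable, left alone
        return ("app", P[1], g(P[2]))
    if tag == "beta":
        _, x, body, n = P
        return ("beta", x, walk(body, f, bound | {x}), g(n))
    raise ValueError(tag)

def aux(P, sigma=frozenset()):
    """The map of Figure 7: names outside sigma become variables x_n."""
    return walk(P, lambda n: "x_" + n, frozenset(sigma))

def ofn(P):
    """Free names of P, lexicographically ordered."""
    seen = set()
    walk(P, lambda n: seen.add(n) or n)
    return sorted(seen)

def abstraction(P):
    """Parameters and body of the polyadic abstraction associated with P."""
    return ["x_" + n for n in ofn(P)], aux(P)

def apply_abs(params, body, names):
    """Apply the abstraction to a sequence of names (substitute names for variables)."""
    subst = dict(zip(params, names))
    return walk(body, lambda v: subst.get(v, v))

def show(P):
    tag = P[0]
    if tag == "nil":  return "0"
    if tag == "par":  return f"{show(P[1])} | {show(P[2])}"
    if tag == "res":  return f"(ν{P[1]})({show(P[2])})"
    if tag == "out":  return f"{P[1]}!<λ{P[2]}.{show(P[3])}>.{show(P[4])}"
    if tag == "in":   return f"{P[1]}?({P[2]}).{show(P[3])}"
    if tag == "sel":  return f"{P[1]}◁{P[2]}.{show(P[3])}"
    if tag == "bra":  return P[1] + "▷{" + ", ".join(f"{l}: {show(Q)}" for l, Q in P[2]) + "}"
    if tag == "app":  return f"{P[1]} {P[2]}"
    if tag == "beta": return f"(λ{P[1]}.{show(P[2])}) {P[3]}"
    raise ValueError(tag)

# Constructed sample: b!<λx.x◁l.0>.0 | (νs)(a?(X).X s | c◁l.0)
EXAMPLE = ("par",
           ("out", "b", "x", ("sel", "x", "l", ("nil",)), ("nil",)),
           ("res", "s", ("par",
                         ("in", "a", "X", ("app", "X", "s")),
                         ("sel", "c", "l", ("nil",)))))

if __name__ == "__main__":
    params, body = abstraction(EXAMPLE)
    print("λ" + ",".join(params) + "." + show(body))
    print(show(apply_abs(params, body, ofn(EXAMPLE))))
```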

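We are now ready to define the encoding of HO$\pi$ into strict process-passing. Note
that we assume polyadicity in abstraction and application. Given a session environment
$\Delta = \{n_1 : S_1, \ldots, n_m : S_m\}$, in the following definition we write $S_\Delta$ to stand for $S_1, \ldots, S_m$.

Fig. 7 The auxiliary map (cf. Definition 6.2) used in the encoding of HO$\pi$ into HO (Definition 6.3).

$$\begin{array}{rcl}
\lfloor\!\lfloor (\nu n)P \rfloor\!\rfloor_{\sigma} & = & (\nu n)\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma \cdot n} \\[4pt]
\lfloor\!\lfloor n!\langle \lambda x.Q \rangle.P \rfloor\!\rfloor_{\sigma} & = & \begin{cases} x_n!\langle \lambda x.\lfloor\!\lfloor Q \rfloor\!\rfloor_{\sigma} \rangle.\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} & n \notin \sigma \\ n!\langle \lambda x.\lfloor\!\lfloor Q \rfloor\!\rfloor_{\sigma} \rangle.\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} & n \in \sigma \end{cases} \\[4pt]
\lfloor\!\lfloor n?(X).P \rfloor\!\rfloor_{\sigma} & = & \begin{cases} x_n?(X).\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} & n \notin \sigma \\ n?(X).\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} & n \in \sigma \end{cases} \\[4pt]
\lfloor\!\lfloor n \triangleleft l.P \rfloor\!\rfloor_{\sigma} & = & \begin{cases} x_n \triangleleft l.\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} & n \notin \sigma \\ n \triangleleft l.\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} & n \in \sigma \end{cases} \\[4pt]
\lfloor\!\lfloor n \triangleright \{l_i : P_i\}_{i \in I} \rfloor\!\rfloor_{\sigma} & = & \begin{cases} x_n \triangleright \{l_i : \lfloor\!\lfloor P_i \rfloor\!\rfloor_{\sigma}\}_{i \in I} & n \notin \sigma \\ n \triangleright \{l_i : \lfloor\!\lfloor P_i \rfloor\!\rfloor_{\sigma}\}_{i \in I} & n \in \sigma \end{cases} \\[4pt]
\lfloor\!\lfloor x\, n \rfloor\!\rfloor_{\sigma} & = & \begin{cases} x\, x_n & n \notin \sigma \\ x\, n & n \in \sigma \end{cases} \\[4pt]
\lfloor\!\lfloor (\lambda x.P)\, n \rfloor\!\rfloor_{\sigma} & = & \begin{cases} (\lambda x.\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma})\, x_n & n \notin \sigma \\ (\lambda x.\lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma})\, n & n \in \sigma \end{cases} \\[4pt]
\lfloor\!\lfloor \mathbf{0} \rfloor\!\rfloor_{\sigma} & = & \mathbf{0} \\[4pt]
\lfloor\!\lfloor P \mid Q \rfloor\!\rfloor_{\sigma} & = & \lfloor\!\lfloor P \rfloor\!\rfloor_{\sigma} \mid \lfloor\!\lfloor Q \rfloor\!\rfloor_{\sigma}
\end{array}$$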


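Definition 6.3 (Encoding HO$\pi$ into HO). Let $f$ be a function from recursion variables
to sequences of name variables. Define the typed encoding $\langle [\![\cdot]\!]^1_f, (\!\langle \cdot \rangle\!)^1, \{|\cdot|\}^1 \rangle : \mathcal{L}_{\mathsf{HO}\pi} \to
\mathcal{L}_{\mathsf{HO}}$, where mappings $[\![\cdot]\!]^1$, $(\!\langle \cdot \rangle\!)^1$, $\{|\cdot|\}^1$ are as in Figure 8. We assume that the mapping
$(\!\langle \cdot \rangle\!)^1$ on types is extended to session environments $\Delta$ and shared environments $\Gamma$ as follows:

$$\begin{array}{rcl}
(\!\langle \Delta \cdot s : S \rangle\!)^1 & = & (\!\langle \Delta \rangle\!)^1 \cdot s : (\!\langle S \rangle\!)^1 \\
(\!\langle \Gamma \cdot u : \langle L \rangle \rangle\!)^1 & = & (\!\langle \Gamma \rangle\!)^1 \cdot u : (\!\langle \langle L \rangle \rangle\!)^1 \\
(\!\langle \Gamma \cdot X : \Delta \rangle\!)^1 & = & (\!\langle \Gamma \rangle\!)^1 \cdot z_X : (S_\Delta, S^{*}) \to \diamond \quad (\text{where } S^{*} = \mu t.?((S_\Delta, t) \to \diamond); \mathsf{end})
\end{array}$$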


Note that $\Delta$ in $X : \Delta$ is mapped to a non-tail recursive session type. Non-tail recursive
session types have been studied in EEl; to our knowledge, this is the first application 
in the context of higher-order session types. For simplicity of the presentation, we
use the polyadic name abstraction and passing. Polyadic semantics will be formally
encoded into HO in Section 8.

We explain the mapping in Figure 8 (Definition 6.3), focusing on name passing ($[\![u!\langle w \rangle.P]\!]^1_f$ and
$[\![u?(x).P]\!]^1_f$), and recursion ($[\![\mu X.P]\!]^1_f$ and $[\![X]\!]^1_f$).

Name passing. A name $w$ is being passed as an input-guarded abstraction; the abstraction
receives a higher-order value and continues with the application of $w$ over the
received higher-order value. On the receiver side $u?(x).P$ the encoding realises a mechanism
that i) receives the input-guarded abstraction, then ii) applies it on a fresh session
endpoint $s$, and iii) uses the dual endpoint $\bar{s}$ to send the continuation $P$ as the abstraction
$\lambda x.P$. Then name substitution is achieved via name application.
Fig. 8 Typed encoding of HO$\pi$ into HO (cf. Definition 6.3).


Terms 


u\(Az. z?(x).(xv)>.[P]} 


lu7{k).Qf^ ‘^= ul(x).(v sKxs I -s\(Ax. [ei}>.0) 

h = ofnCF) 
n = f(X) 


lu\{Ax.Q}.Pjj u\(Ax.m).}.lPj} 

iMX.Pjj (y i)(i?(x).[Fl}|^^-, |i!<d(P|D,y).y?(zx).lL[fl)-_|x^;i,Jl0>.O) 


mj. 

Ixu]} 

PI 21} '= 

[01} ‘‘= 

Types 

«C»J 

CC^o»J 

(«5»)' 

i\{uy,sf 

Ct»l 

Cend»' 

Labels 

|(y mi)n!(m>|' 
|(vm)n!<dx.F)|' 

1 


(y i)(zx(«,.s) I iKdiflliilD.y)- zz(PID,y))-0) 
s<im} 

XU 

PI}1121} 

0 

(?(CCy^<>);end)^o if C = S 
(?(((C))*^<>);end)^<> otherwise 


[r<?(x).P]} = «?(x).pi} 


/ 


ls>{lr.Pi]iell} = ^>{/,:P,l}lfe/ 

[(dx.P)M]} ‘^= (dx.p]})« 
[(y«P]} ‘^= (y«)Pl} 


Kiu)yy,isf 

®{li ■■ iSiD^hel 

t 

end 

(y mi)n\{Az. z?(x).xra) 
(y m)n\{Ax. P]}> 
n®l 

T 


«c^o»i ccy^o 

(«L»)' ‘^= <CL»i> 
vxuysf ?(Cf/)'');C5»' 

c&{//; 5 , 1 ,■<=/»' ‘^= &{/, :C 5 ,»Mfe/ 

pt.5»' ‘^= pt.«5»> 


= nl{Xz. Z^Sx).xm) 
{nl{Ax.P)t n?<dx.p];> 

fn&Z|' nScl 


Recursion. The encoding of a recursive process $\mu X.P$ is delicate, for it must preserve
the linearity of session endpoints. To this end, we: i) record a mapping from recursive
variable $X$ to process variables $z_X$; ii) encode the recursion body $P$ as a name abstraction
in which free names of $P$ are converted into name variables; iii) embed this higher-order
value in an input-guarded “duplicator” process; and iv) make the encoding of
process variable $x$ simulate recursion unfolding by invoking the duplicator in a by-need
fashion, i.e., upon reception, the abstraction encoding $P$ is duplicated, with one copy used to
reconstitute the encoded recursion body $P$ through the application of $\mathsf{fn}(P)$ and another
copy used to re-invoke the duplicator when needed.

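Proposition 6.2 (Type Preservation, HOπ into HO). Let $P$ be a HOπ process. If
$\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ then $((\Gamma))^1; \emptyset; ((\Delta))^1 \vdash [\![P]\!]^1_f \triangleright \diamond$.

Proof. By induction on the inference $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$. Details in Proposition C.1 (Page [7T]).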

□ 
The following proposition formalizes our strategy for encoding recursive definitions
as passing of polyadic abstractions:

Proposition 6.3 (Operational Correspondence for Recursive Processes). Let P and 

P\ be HOtt processes s.t. P — pX.P' and P\ — iX) = P. 

( 

Ifr',A H P I—» /";/(' h P' then, there exist processes R\, R 2 , R 3 , action {', and mappings 
f,fl, such that: 


(i) iry-,iA}' H p ^ «r»';C2i»' H = Ri; 

(ii) «r»';C2l>' H Ri «r»';«z(»i H R 2 , with (' = f^|i; 

(Hi) Jo-> - ofn(P').'Z) and f\ - f,{X —> ofn(P'))- 


Proof (Sketch). Part (1) follows directly from the definition of typed encoding for
processes $[\![\cdot]\!]^1_f$ (Definition 6.3), observing that the reduction occurs along a restricted name,
and so the session environment remains unchanged. Part (2) relies on Proposition 6.4.
Part (3) is immediate from Definition 6.3. □


The following proposition formalises completeness and soundness results for the
encoding of HOπ into HO. Recall that deterministic transitions Ts and have been
defined in Definition 4.14.


Proposition 6.4 (Operational Correspondence, HOπ into HO). Let $P$ be a HOπ process.
If $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ then:

1. Suppose r',A 1 - P I—> A' h P'. Then we have: 

a) If{\ e {(v m)n\{m), (v m)n\{Ax. Q), s®l, s&l] then 3^2 s.t. 

({ry-,iAy h [P]} 3. iA'y h [P1} and £2 = 

b) If{\ - nl{Ay. Q) and P' = then 3t2 s.t. 

iry-xAy F [P]} ^ iA'y h [Poi^yy-^Q^/x} andh = iad’. 

c) If — nl{m) and P' — Po{™/v) then 3(2, R s.t. 

iry-AAy F [PI} ^ iA'y f r, wm a = sai', 
andin^xA'y hP «zi'»' F iPoi}r/x). 

d) If t\ — T and P' = (v m)(Pi | P 2 {™/x)) then 3R s.t. 

iryxAy F [P]} ^ iAy f (v miPd'f i r), and 

iryXAy F (y m)([Pil} I R) iA}^ F (vm)([Pi]} | [Pzljr/x)). 

e) If(\ - T and P' = (v fh){P\ \ P2{^1'- 2/x)) then 

iry-AAy F [PI} ^ iA,y f (v m)([Pii} i m^yy-'^Q^hx)). 

f) If{\ - T and P' f. (y m){P\ \ P 2 {™/x)) A P' ^ (y m)(P\ \ P 2 {^>'- 2/x)) then 

iry-AAy ^ipff^iA'^y ^ IP'ff. 

2. Suppose iry-AAy F [P]} iA'y F Q. Then we have:

a) If I 2 G {(y m)n\{Az. z2(x).(xm)}, (y m)n\{Ax.R), s®l, s&l} then 3£\,P' s.t. 

r-,AbP^A' b P', A = 8Al\ and Q = [P']}. 
b) If £2 - nl{Xy.R) then either:

(i) 3{i,x,P',P''s.t. 

r-A^P^A'v- P'{3y.P"lxl = R, and Q = [P']}. 

(ii) R=yl{x).{xm) and3{\,z,P' s.t. 
r-AhP^A' P'{™/z), £i = U 2 V, and 

H Q iA"y h ip'mi} 

c) If (2 - T then zl' = zl and either 

(i) 3P' s.t. r;zl h P 1 -^ zl I- P’, and Q = [P']}. 

(ii) 3P\,P2,x,m,Q' s.t. r;A h Pi—>zl 1 - {vm){P\ \ P2{™/^)X and 
iPf-i^f H Q ^A3. «.!»' h IPil} I [Pzr/x)!} 

Proof. The proof is a mechanical induction on the labelled transition system. Parts (1)
and (2) are proved separately. The most demanding cases for the proof can be found
in Proposition C.2 (page [7^ . □

Proposition 6.5 (Full Abstraction, HOπ into HO). Let $P_1, Q_1$ be HOπ processes.
r-Ai h Pi ^^Zl 2 h Qi if and only ifiPfAAxf H [Pi]} «Zl 2 >‘ h [gi]}. 

Proof. The proof for the soundness direction considers a closure that can be shown to be a
bisimulation, following the soundness direction of Operational Correspondence
(Proposition 6.4). Whenever needed the proof makes use of the τ-inertness result
(Proposition [43]^).

The proof for the completeness direction also considers a closure shown to be a
bisimulation up-to deterministic transition (Proposition 4.3), following the completeness
direction of Operational Correspondence (Proposition 6.4).

Details of the proof can be found in Proposition C.3 (page 76). □

Proposition 6.6 (Precise encoding of HOπ into HO). The encoding from $\mathcal{L}_{\mathsf{HO}\pi}$ to $\mathcal{L}_{\mathsf{HO}}$
is precise.

Proof. Syntactic requirements are easily derivable from the definition of the mappings
in Figure 8. Semantic requirements are a consequence of Proposition 6.2,
Proposition 6.4 and Proposition 6.5. □

Example 6.1 (Encode $\mu X.a!\langle m\rangle.X$ into HO).

Mapping: Term mapping of HOtt process pX.a\{m).X into a HO process. We note 
initially f The first application of the mapping will give; 

lpX.a\{m).X'\^ = (v si)(si?(x).[a!<m). 2 c]*^^^_^^ | 

ir!<T(x„,Xm,z).z?(x).[[a!<m).x]|^^^^^j0).O) 

with 

= a\{Az.z'l(x).(xm)}.lx}l^^^^^ ^ 

= a\{Az.Z^{x).(xm)).(v S2){x(a,m,S2) I 'S2K3{Xa,Xm,Z).x(Xa,X,„,z)).0) 
Furthermore:

= la\{Az.z‘^(x).(xm)).(v S 2 )(x(a,m,S 2 ) I S 2 l{A(Xa,Xm,z).x(Xa,Xm,z)). 0)4 
^ Xa'.(Az.z7(x).(xXm)}-l('^ S 2 )(x(a,m, S 2 ) I S 2 \{A{Xa,Xm,z).x{Xa,Xm,z)).Q)^i,i 
^ Xa\{Az.z"!{x).{xXm))-{v S 2 ){x{Xa,Xm,S 2 ) I '^l{A(Xa,Xm,z).x(Xa,Xm,z)}.(i) 

The whole encoding would be: 

V = A(Xa,Xm,z).z7(x).Xa!(Az.z7(x).(xXm)).(v S 2 )(x(Xa,Xm,S 2 ) I '^K^{Xa,Xm,z).x(Xa,Xm,z)}.0) 
[lJLX.a\{m) .X\^ = 

(v il)(Tr!<y).0 I S\l(x).a\{Az.z7{x).{xmy}.(Y S2)(^l{A(Xa,Xm,z).x(Xa,Xm,z)}.0) I x(a,m,S2)) 
Transition Semantics: We can observe liiX.a\{m).X\^ as: 

(v Si)(5TKy)-0 I Sl?(x).a!(/lz.z?(x).(xm)>.(v S2)(^HA(Xa,Xm,z).x(Xa,Xm,z)}.0) | x(a,m,S 2 )) 

T 

a\{Az.z7(x).(xm)). 

(v S2)(S2Ky)-0 I S27(x).a\{Az.z7(x).(xm)).(v S2)(^\{A(Xa,Xm,z).x(Xa,Xm,z)}.0) I x(a,m,S 2 )) 

=a 

al{Az.z7(x).(xm)}. 

(V Sl)(Tr!(y>-0 I Sl?(x).a!(/lz.z?(x).(xm)>.(v S2)(^KMXa,Xm,z).x(Xa,Xm,z)}.0) I x(a,m,S2)) 
a\{Az.z7(x).(xm)).lfiX.a\{m).XJ^ 

(3!</lZ.Z?(A').(xm)) 

Typing Semantics: We further show that \iiX.a\{m).XJ^ is typable: 

T;0;0 h a> J/i = end- 00 ) 

T; 0; 0 h m > U 2 

r;%;s 2 :f s 2 :?(L);endi- i 2 ‘^?(T);end 
T; 0; 01- X > (t/i, t/ 2 , ?(L); end)^o 

r;0; S 2 end h x{a,m, S 2 )><> 

r■ Xa '■ UI ■ Xm '■ 1 / 2 ;0;0 ^ Xa>Ui - {7{U2-°<>)\ end-oo) 
r-Xa : U\ ■ : t/2;0;0FXm>t/2 

r\%\z :?(L);end f z>7(L );end 
r;%;%hx>(Uu U2,7(L); end)^o 

r-Xa- Ui'Xm' U 2 ',®',Z :?(L);end 1 - x{Xa,Xm,z)>0 
T;0; 0 1 - A{xa,Xm,z).x(xa,Xm,z)>{U\,U2, ?(T); end )^0 

Result (|^ 

r;%;^ :!((t/i, t/ 2 ,?(T);Gnd)—>o);end h i 2 >K(t^F ?(T); end)—> 0 ); end 
r;0;i^ :!<(t/i,t/ 2 ,?(T);end)^o);end i-i^!<T(xa, 2 Cm,z)--^(-^a, 2 i:m,z))- 0 >o 


(10) 
Result 0 Result ([TOli zl = S 2 S 2 »«);end

r\%\A h '^\{A(Xa,Xm,z).x(Xa,Xm,z)}.0 \ x(a,m,S2)>0 


Result ([TT|i ?(L);enddual !{(t/i,t/2,?(i');end)^o);end 
L - {U\,U2, end)^o implies 
?(L);end = yut.?((t/i, t/2>t)->o);end 

r;0;0 I- (v S2)(S2'-mXa,Xm,z).x(Xa,Xm,z)}.0 \ x{a,m,S2)>o) 


Result ( [T^ 

r;0;0 I- a>(?(t/2^<>);end-oo) 
r;0;0 I- Az.z%x).{xm)>l{U 2 -°o)', end-oo 

-^- (1^) 

r;0;0 h a\{Az.z%x).(xm)).(v S2)(s2K'l(xa,Xm,z).x(xa,Xm,z)}.0 I x(a,m,S 2 ))>o 


Result ([T^ r = r\x 

r; 0 ; 0 i-x>(t/i,t/ 2 ,;ut.?((t/i,t/ 2 ,f)^o);end)^o 
r;0;zl 1 - si>?((t/i,t/ 2 ,pt.?((t/i,t/ 2 ,t)^o);end)^o);end 


Sl^(x).a\{Az.Z^(x).(xm)).(v S2)(S2KMXa,Xm,Z).x(Xa,Xm,Z)}.0 \ x(a,m, S2))> o 


V = A(Xa,Xm,z).z'?(x).XaHAz.z7(x).(xXm)). 

(V S2)(x(Xa,Xm,S2) | S^HA(Xa,Xm,z).x(Xa,Xm,z)).0) 
r;0;0i-y>(t/i,t/2,yLrt.?((t/i,t/2,t)^<>);end)^o 
r;0;zl2 h t/2,;ut.?((t/i,t/2,0^o);end)^o);end 

r';&;A 2 i-JT'-(V). 0 >o 

Result ( [T^ Result ( [T5] l 
r\%\A\ ■A 2 H is7!(V).0 I si?(x).a!(/lz.z?(x).(xm)). 

(V S2)(S2K'^(Xa,Xm,z).x(Xa,Xm,Z)}.0) \ x(a,m, * 2 ) ><> 
r;0;0 h (v si)(sr!(V).0 | si?(;ii:).a!(/lz.z?(;ii:).(xm)). 

(V S2)(^'-{MXa,Xm,z).x(Xa,Xm,z)).0) | x(a,m,S 2))>0 


□ 


6.2 From HOπ to π

We now discuss the encodability of HO into π, where we essentially follow the
representability result put forward by Sangiorgi 1451501, but cast in the setting of
session-typed communications. Intuitively, the strategy represents the exchange of a process
with the exchange of a freshly generated trigger name. Trigger names are used to
activate copies of the process, which now becomes a persistent resource represented by an
input-guarded replication. In our calculi, a session name is a linear resource and
cannot be replicated. Consider the following (naive) adaptation of Sangiorgi’s strategy in
Fig. 9 Typed encoding of HOπ to π (Definition 6.4). Mappings $[\![\cdot]\!]^2$, $((\cdot))^2$, and $\{\!|\cdot|\!\}^2$ are
homomorphisms for the other processes/types/labels.


r HA Pl|2 I * al(y).yl{x).lQf)) s i fn(0 

-M)- Jl \(yi)(„!<i),([Fl2|5?(y).y?(x).[e]2)) otherwise 

luA(x).Pf ul(x).lPf 

Ixuf (v j)(x!(j).^!{m).0) 

UAx.P)uf (y 5 )(^?(x).[F] 2 I i!<M).0) 


i\{S^oy,Sif !«?(«5»2);end»;CSi»2 

C?(S^o);5i» 2 ?«?(((S»2);end»;C5i»2 

C!<5^o);5i» 2 !(?(C5»2);end);C5i>2 

«?(5^o);5i» 2 ?(?(«5»2);end);((5i»2 

{{v m')n\{Xx.P)\^ (v m)n\(m) 

{n}{Ax.P)\^ nl{m) m fresh 


which session names are used as triggers and exchanged processes would have to be
used exactly once:


[M!(dx. Q).pr = (V s)(m!(s).(IPF I «?W.I0F)) 

iul{x).PY uKxUPr 

[xmF x!{m).0 

with the remaining HOπ constructs being mapped homomorphically. Although this (naive)
mapping captures the correct semantics when dealing with systems that allow only linear
abstractions, it suffers from non-typability in the presence of shared abstractions. For instance,
the mapping for $P = n!\langle\lambda x.\,x!\langle m\rangle.\mathbf{0}\rangle.\mathbf{0} \mid n?(x).(x\,s_1 \mid x\,s_2)$ would be:

Hpf 

[Pf = (v i)(«!(s).s?(x).x!(m).0 | n?(x).(x!<si).0 | x!<S 2 )- 0 )) 

The above process is non typable since processes ($x!\langle s_1\rangle.\mathbf{0}$ and $x!\langle s_2\rangle.\mathbf{0}$) cannot be put
in parallel because they do not have disjoint session environments.

The correct approach would be to use replicated shared names as triggers instead of
session names, when dealing with shared abstractions. Below we write $*\,P$ as a
shorthand notation for $\mu X.(P \mid X)$.

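Definition 6.4 (Encoding HOπ to π). Define encoding $\langle [\![\cdot]\!]^2, ((\cdot))^2, \{\!|\cdot|\!\}^2 \rangle : \mathcal{L}_{\mathsf{HO}\pi} \to \mathcal{L}_{\pi}$
with mappings $[\![\cdot]\!]^2$, $((\cdot))^2$, $\{\!|\cdot|\!\}^2$ as in Figure 9.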

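Proposition 6.7 (Type Preservation, HOπ into π). Let $P$ be a HOπ process. If
$\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ then $((\Gamma))^2; \emptyset; ((\Delta))^2 \vdash [\![P]\!]^2 \triangleright \diamond$.

Proof. By induction on the inference $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$. Details in Proposition C.4 (Page 79).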

□ 
Remark 6.2. As stated in 11481 Lem. 5.2.2], due to the replicated trigger, operational
correspondence in Definition 5.4 is refined to prove full abstraction: e.g., completeness
of the case $\ell_1 \neq \tau$ is changed as follows. Suppose:


r-,AhP^A' hP' 


\f{\ - (v m)n\{Ax.R), then 


iPf-iAf^iPfy^iA'f^Q 

where ti - {va)n\{a) and Q - \P' \ * al{y).yl{x).Rj'^. 

Similarly, if - nl{Ax.R), then 

where (2 - n\{a) and |[P']^ (v a)(Q | * a?(y).y?(x).l[/?]^). Soundness is stated in a 
symmetric way. 

This last remark is stated formally in the next proposition: 

Proposition 6.8 (Operational Correspondence, HOπ into π). Let $P$ be an HOπ process
such that $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$.

Cl 

1. Suppose r',A P I—> A' h P'. Then we have: 

a) If €\ — (v m)n\{Ax. Q), then AP',A",R where either: 

1^1 l2 

- «zl»2 H [P]2 ^ r ■ «r»2; ((A'f h IP'f I * al(y).yl{x).lQf 

- iPf- ({Af h IPf ^ irf\A" h IP'f I 5 ?(y).y?(x).[ 0]2 

b) If{\ - nI{Ay.Q} then 3R where either 

J^l |2 

- iPf--, iAf- h |[P]2 VA r; iA"f- h RJor some P' and 
iPf-,Wf b IP'f iA"f h (V a)(R I * al{y).yl{x).lQf) 

S£. |2 

- inh iAf h IPf ^ CC»2; iA"}f h R, and 
iPf-AA'f b IP'f iA"f b (V s)(R I ^?(y).y?(x).ie]2) 

c) If{\ - T then either: 

- 3R such that 

«r>2;0; ((Af h IPf 

^ iA’f b (y m)(lP,f I (y a)([P 2 F{«/v) I aI{y).yI{x).lQf)) 

- such that 

iPf-%- iAf b [PF 

^ (A'f b {vm)(lPif I (V ^)([P 2 FP/v) I ^?(y).y?(v).[e] 2 )) 

- irf-, iAf b IPf ^ iPf; iA'f b IP'f 

- and {Pf- iAf b [Pp A {Pf- iA'f b {P'f 
d) If€\ e {n®l,n&l] then

3h = Ihf such that irf- Czl»2 h [P]2 ^ irf- iA'f h IP'f. 

2. Suppose irf-XAf H [PF ^ irf-X^'f F R. 
o) If ^2 — (y m)n\{m) then either 


(v m)n\(m) ^ 

3P'such that P ^ P'and IP'f. 


3Q,P' such that P 


p, ^ I ^ al{y).yl{x).lQf 
sl{y).yl{x).lQf 


n\{Ax.Q) -) 

- 3Q,P such that P i—> P and R — \_P f 


b) Ifll - nl{m) then either 


- 3P' such that P 


nl{m) 


P' andR^lP'f. 


n‘^{Ax. Q) 

3Q,P such that P i—> P 


and ({ryXiA'Y h IP'f ({A'Y h (v a)(R \ * al{y).yl{x).lQr) 

nl{Ax. Q) 

- 3Q,P'such that P i—> P' 

and iPfX^'f F IP'f ((A'Y F (v s){R \ ^? 0 ;).y?(x).ie] 2 ) 

c) If £2 = T then 3P' such that P P' and iPYX^'f F [P'P iA'f 

d) If (2 i {n\{m),n®l,n&l] then 3{\ such that t\ — i( 2 f and 

r\A\-P\^r\AhP'. 


fP. 


Proof. The proof is done by induction on the labelled transition system considering
Definition 6.4. The most demanding cases are Part 1b and Part 2b, where we require a
further induction to prove bisimulation closure.

Details of the proof of the most demanding cases can be found in Proposition C.5
(pagejg. □

Proposition 6.9 (Full Abstraction, From HOπ to π). Let $P_1, Q_1$ be HOπ processes.
r-Ai F Pi ^^A 2 f Qi if and only ifiPYX^xY F [PiP ^ 


Proof. The proof follows directly from Proposition 6.8. The cases of Proposition 6.8 are
used to create a bisimulation closure to prove the soundness direction and a
bisimulation up to determinate transition (Lemma 4.3) to prove the completeness direction.

□


Proposition 6.10 (Precise encoding of HOtt into n). The encoding from to £,n 
is precise. 

Proof. Syntactic requirements are easily derivable from the definition of the mappings
in Figure 9. Semantic requirements are a consequence of Proposition 6.7,
Proposition 6.8 and Proposition 6.9. □


7 Negative Encodability Results 

As most session calculi, HOπ includes communication on both shared and linear
channels. The former enables non-determinism and unrestricted behavior; the latter allows
representing deterministic and linear communication structures. The expressive power
of shared names is also illustrated by our encoding from HOπ into π (Definition 6.4).
Shared and linear channels are fundamentally different; still, to the best of our
knowledge, the status of shared communication, in terms of expressiveness, has not been
formalized for session calculi.

The above begs the question: can we represent shared name interaction using
session name interaction? In this section we prove that shared names actually add
expressiveness to HOπ, for their behavior cannot be represented using purely deterministic
processes. To this end, we show the non-existence of a minimal encoding (cf.
Definition 5.5 ii)) of shared name communication into linear communication. Recall that
minimal encodings preserve barbs (Proposition 5.1).

Theorem 7.1. Let Ci,C 2 e {HO;r, HO.tt). There is no typed, minimal encoding from 
XCi -Cq-su 

Proof. Assume, towards a contradiction, that such a typed encoding indeed exists.
Consider the π process

P - a(s).0 I a{x).n<li.Q \ a(x).m<l2.0 (with n + m) 
such that r■,(/>■,A \- P>o. From process P we have; 

r',A h P I—> A' h n<li.O I a(x).m<l2.0 = Pi (16) 

r',A h P i—> A' m<l2.0 I a(x).n<li.O = P 2 (17) 

Thus, by definition of typed barb we have; 

r-,A' k Pi in L r-,A' k PiYm (18) 

r-,A' ^ P 2 im L r-A' ^ P 2 in (19) 

Consider now the process $[\![P]\!]$. By our assumption of operational completeness
(Definition 5.4-2(a)), from (16) with (17) we infer that there exist processes $S_1$
and $S_2$ such that:


«P»; m b [P] «2l'» h 51 ^ [Pi 1 (20) 

«P»; m b [P] ({A'} h 5 2 ^ IP 2 I (21) 

By our assumption of barb preservation, from (18) with (19) we infer:

«P»; «^'» b [Pi 1 A «r»; ({A'} H [Pi [ (22) 

«P>; (m b [P 2 I Urn A «r»; «4'» h [P 2 ] lln (23) 


By definition of ai, by combining ( |20l i with ( |2^ and ( |2T] i with ( |2^ , we infer barbs for 
S 1 and ^ 2 ; 


«P»; iA')) h 5 1 A «P»; iA'} h 5 1 
iPM^')) b 52 Urn A any, ({A')) h 52 Hn 


(24) 

(25) 
That is, $S_1$ and $[\![P_1]\!]$ (resp. $S_2$ and $[\![P_2]\!]$) have the same barbs. Now, by τ-inertness
(Proposition [ 4 ^), we have both

Cr»;«4»h5i^C^lhIPl (26) 

Cr»;«4»h52^C^'>FlPl (27) 

Combining (26) with (27), by transitivity of we have

«P»;C^'»h5i^«zl'»h52 (28) 

In turn, from (28) we infer that it must be the case that:

«r»;«^'» F [Pil A «r»;«4'» h [Pii Urn 
«0;«Ai'» F [P 2 I A «r»;«4'» h [P 2 I \ln 

which clearly contradict (22) and (23) above. □

8 Extensions of HOπ

This section studies (i) the extension of HOπ with higher-order applications/abstractions
(denoted HOπ⁺), and (ii) the extension of HOπ with polyadicity (denoted $\mathsf{HO}\tilde{\pi}$). In both
cases, we detail required modifications in the syntax and types, and describe further
encodability results.

8.1 Encoding HOπ⁺ into HOπ

The HOπ calculus is purposefully minimal and allows only name applications/abstractions
(also referred to as first-order applications/abstractions). We now introduce HOπ⁺,
the extension of HOπ with higher-order applications. We show that HOπ⁺ has a precise
encoding into HOπ (Proposition 8.4). Therefore, since typed encodings are composable
(Proposition 5.2), HOπ⁺ has a precise encoding to HO and π. In turn, this latter result
implies that HO is powerful enough to express full higher-order semantics.

Modifications in Syntax, Reduction Semantics, and Types. The syntax of HOπ⁺
processes is obtained from the syntax for processes given in Figure |^ by replacing $V\,u$
with $W\,V$. Reduction is then defined by the rules in Figure ]^ excepting rule [App],
which is replaced by the following rule

[App+] $(\lambda x.P)\,V \longrightarrow P\{V/x\}$

The syntax of types in Figure [TT| is generalized by including

$L ::= U \to \diamond \mid U \multimap \diamond$

instead of $L ::= C \to \diamond \mid C \multimap \diamond$. Definitions of type equivalence/duality and typing
environments ($\Gamma$ and $\Delta$) are straightforward extensions of Definition 3.2, Definition 3.3 and
Definition 3.4, respectively. The typing rules of Figure |^ are then modified accordingly:
most significant changes are required in rules [Abs] and [App] (for typing abstractions
and applications, respectively), which for HOπ⁺ processes are modified as follows:

T; A;/(i I-P>o r;0;/l2 H x> t/ 

[Abs^l - 

r\A\Ai\A2^ Ax.P>U^o 


U^U'^ovU'^o r;A;Aii-V>U r;0;A2 h 1T> t/' 

[App+] - 

r;A;Ai-A2hVW>o 

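With these modifications we can now state the extension of Theorem 3.1.

Theorem 8.1 (Type Soundness for HOπ⁺).

1. (Subject Congruence) $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ and $P \equiv P'$ implies $\Gamma; \emptyset; \Delta \vdash P' \triangleright \diamond$.

2. (Subject Reduction) $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ with balanced $\Delta$ and $P \longrightarrow P'$ implies
$\Gamma; \emptyset; \Delta' \vdash P' \triangleright \diamond$ and either (i) $\Delta = \Delta'$ or (ii) $\Delta \longrightarrow \Delta'$ with $\Delta'$ balanced.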

Proof. Part (1) is as for HOπ processes. Part (2) is also as before, but requires the
expected generalization of parts (3) and (4) of the substitution lemma (Lemma 3.1). We
describe the analysis when the reduction is inferred by rule [App+]. We have

$P = (\lambda x.Q)\,V \longrightarrow Q\{V/x\} = P'$

Suppose $\Gamma; \emptyset; \Delta \vdash (\lambda x.Q)\,V \triangleright \diamond$. We examine one possible way in which this assumption
can be derived; other cases are similar or simpler:


r,x : Pi-oo; 0; 4 h (9>o P,x : Pi-oo; 0; 0 H x>Pi-oo 

P; 0;4i-Tx.2>(Pi^o)^o P; 0;0i-y>Pi^o 

P; 0;4i-(Tx.0y>o 


Then, b y co mbining premise P,x : Pi 
Lemma 


o; 0; 4 h 2>o with the extended formulation of 
3.1 4), we obtain P; 0; 4 i- 2{^/x)>o, as desired. □ 


As for the behavioural semantics of HOπ⁺, modifications are as expected. The set of
action labels remains the same. In the untyped LTS, rule (App) is replaced with rule
$(\lambda x.P)\,V \longrightarrow P\{V/x\}$. Definition 4.8 (characteristic processes) now includes


Kt/^or = = xiuh 

Hpf Hpf 

[t/^o]c = = Ax.lUY 


instead of = x^CF and = 4x.^C]^ 

respectively. The rest of the definitions for the behavioural semantics is kept unchanged. 


Encoding HOπ⁺ into HOπ. We now present an encoding from HOπ⁺ to HOπ.

Definition 8.1 (Encoding from HOtt^ to HOtt). Let £.y\ 07 :+ - (HO;r'^,7“4,i-^,a!^,i-) 
where Tn is a set of types o/HOtt'*'; the typing h is defined in Figure^with extended 
rules [Abs] and [App]. Then, mapping (I']^,C'))^>f'))^) • is defined in 

Figure\T^ 
Fig. 10 Encoding of HOπ⁺ into HOπ (cf. Definition 8.1). We assume that the rest of the
encoding is homomorphic on the syntax of processes, types and labels, respectively.


Ix(dy.P)l3 (V I s!(Ay. [P]3).0) 
3 def 


[(Ax.F)(Ay. e)l3 “I? (y s)(sl(xnPf | i!<dy. [ei3).0) 
lu\{Ax.Q).Pi^ u\{Az.z7(x).lQf).lPf 


lu\{Ak.Q).Pf 


def 




iL^of (?(«L»3);end)^o 

iL^of (?(«L»3);end)^o 

i\{L^oy,Sf !<«L^o»3>;C5»3 

C!<L^o>;5>3 !<«L^o»3);C5»3 

ViL^oySf ?(CL^o»3);«5»3 

niL^oysf ?(CL^o»3);C5»3 


i(vm)n\{Ak.P)}^ {v m)n\{Ax.lPf) 

f«?<d*.P)S3 n-}{Ax.lPf) 

l{v m)n\{Ax.P)t {v m)n\{Az.zl(x).lPf) 

lnl{Ax^.P)t '^= nl{Az.zl{x).lPf) 


Proposition 8.1 (Type Preservation. From HOπ⁺ to HOπ). Let $P$ be a HOπ⁺ process.
If $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ then $((\Gamma))^3; \emptyset; ((\Delta))^3 \vdash [\![P]\!]^3 \triangleright \diamond$.

Proof. The proof is a mechanical induction on the structure of $P$. Details of the proof
in Proposition C.6 (page [8^ . □

Proposition 8.2 (Operational Correspondence. From HOtt^ to HOtt). 

7. Let r;(l>',A i- P. r',A h P i—> A' h P' implies 

a) If(e{(vm)n\{Ax.Q),nl{Ax.Q)] then (rf;((Af h |[P]3 ((A'f h 

b) If{ i {(v m)n!(Tx. 0),n?<Tx. Q),t] then iPf- (A}^ h {Pf ^ ({A'f h IP'f. 

c) Iff = Tp then irf;iAf 1 - IPf A" b R and ir}\A'flP'f^^A"R. 

d) Iff ^Tandt^Tp then (rf;((A))^ h IPf {A'f h [P']l 
2. Let r-(d-A h P. ((rf;(Af h [Pp ((A"f k Q implies 

a) If { e {(v m)n\{Ax. Q),nl{Ax. Q},t] then r',A i- P i—> A' i- P' with K'))^ = £ and 

Q=[P'f- 

b) Iff i {(v m)n\{Ax.R),nl{Ax.R),T) then r\A V- P i—> A' v- P' and Q = |[P']^. 

c) If £ — T then either r;A A i—> A' i- P' with Q = [P'p 

or r;A h A A' h P' and F |[P']l 
Proof. The proof is an induction on the labelled transition system. The most interesting
cases can be found in Proposition C.7 (page 85). □

Proposition 8.3 (Full Abstraction. From HO;7r''' to HOrr). Let P,Q HOtt'*' processes 
with h P>o and T;0;zl2 H Q><>. 

Then r-Ai^P^^ A 2 ^Q if and only ifiPf-iAlif H [Pf ((Aif h [QF 

Proof Soundness Direction. 

We create the closure 

% = {r-,Ai kP,A2hQ\ iPf-i^if h [Pf ({A2f h 

It is straightforward to show that $\Re$ is a bisimulation if we follow Part 2 of
Proposition 8.2 for subcases a and b. In subcase c we make use of Proposition

Completeness Direction. 

We create the closure 

!R = {«r»3;«z(i>3HlPl3, I r;zlihP^"^2H0) 

We show that $\Re$ is a bisimulation up to deterministic transitions by following Part 1 of
Proposition 8.2. The proof is straightforward for subcases a), b) and d). In subcase c)
we make use of Lemma 4.3. □

Proposition 8.4 (Precise encoding of HOπ⁺ into HOπ). The encoding from $\mathcal{L}_{\mathsf{HO}\pi^+}$ to
$\mathcal{L}_{\mathsf{HO}\pi}$ is precise.

Proof. Syntactic requirements are easily derivable from the definition of the mappings
in Figure 10. Semantic requirements are a consequence of Proposition 8.1,
Proposition 8.2 and Proposition 8.3. □

8.2 Polyadic HOπ

Embedding polyadic name passing into monadic name passing is well-studied in
the literature. Using linear typing, preciseness (full abstraction) can be
obtained Il57l . Here we describe an encoding of $\mathsf{HO}\tilde{\pi}$ into HOπ.


Modifications in Syntax, Reduction Semantics, and Types. The syntax of $\mathsf{HO}\tilde{\pi}$
processes is obtained from the syntax for processes given in Figure |^ by considering values

$V ::= \tilde{u} \mid \lambda\tilde{x}.P$

and input prefixes $n?(\tilde{x}).P$. Thus, polyadicity arises both in (session) communications
and abstractions. Reduction is then defined by the rules in Figure excepting rules
[App] and [Pass] which are replaced by rules

[App'’] (Ax.P)u —> P{“/i) |i| = |m| 

[Pass'’] n\{V}.Pi I hl{x).P 2 —> Pi | P2{'^/^) |U| = l-^l 
The syntax of types in Figure [TT| is modified to include

$L ::= \tilde{C} \to \diamond \mid \tilde{C} \multimap \diamond$
$U ::= \tilde{C} \mid L$

instead of $L ::= C \to \diamond \mid C \multimap \diamond$ and $U ::= C \mid L$, respectively.

Definitions of type equivalence/duality and typing environments ($\Gamma$ and $\Delta$) are
straightforward extensions of Definition 3.2, Definition 3.3 and Definition 3.4, respectively.
Following II33I35II the type system for $\mathsf{HO}\tilde{\pi}$ disallows polyadicity along shared names.
Based on these modifications, the typing rules of Figure are adapted in the expected
way. In order to type polyadic values, we rely on the following rule:


[Pol] 


F — dj . . . dr] 


r-,Ai',Ai h Ui>Ci 


U^Ci...Cn 


r-,UieiAr,Uiei'^,^v>u 


Other rules are adjusted in the expected way, in order to accommodate polyadic values.
Notice, however, that rules [Req] and [Acc] are kept unchanged, as they are used to
type monadic exchanges along shared name prefixes. We now state type soundness for
$\mathsf{HO}\tilde{\pi}$; the proof is straightforward and omitted, for it follows closely the proof detailed
in Appendix A.

Theorem 8.2 (Type Soundness for $\mathsf{HO}\tilde{\pi}$).

1. (Subject Congruence) $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ and $P \equiv P'$ implies $\Gamma; \emptyset; \Delta \vdash P' \triangleright \diamond$.

2. (Subject Reduction) $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ with balanced $\Delta$ and $P \longrightarrow P'$ implies
$\Gamma; \emptyset; \Delta' \vdash P' \triangleright \diamond$ and either (i) $\Delta = \Delta'$ or (ii) $\Delta \longrightarrow \Delta'$ with $\Delta'$ balanced.


As for the behavioral semantics for $\mathsf{HO}\tilde{\pi}$, the set of action labels is kept unchanged.
In fact, as $V$ now stands for $\tilde{u}$ and $\lambda\tilde{x}.P$, labels $(\nu\,\tilde{m})\,n!\langle V\rangle$ and $n?\langle V\rangle$ require no
modification. The LTS for $\mathsf{HO}\tilde{\pi}$ is as for HOπ, excepting rule (App) which is replaced with the
rule:

$(\lambda\tilde{x}.P)\,\tilde{u} \longrightarrow P\{\tilde{u}/\tilde{x}\}$

The characteristic process and characteristic value definition (Definition 4.8) is
extended to include the cases:


= [CiF* I... ig:c„r" 


Thus, a polyadic type is inhabited by a process whose parallel components inhabit
the individual components of the polyadic type. A polyadic value type is inhabited by
a list of values which inhabit the individual components of the polyadic value. The rest
of the behavioural semantics remains unchanged.


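Encoding $\mathsf{HO}\tilde{\pi}$ into HOπ. We slightly modify Definition 5.4 to capture that a label $\ell$
may be mapped into a sequence of labels $\tilde{\ell}$. Also, Definition 5.4 stays the same,
assuming that if $P \stackrel{\ell}{\longmapsto} P'$ and $\{\!|\ell|\!\} = \ell_1, \ldots, \ell_m$ then $[\![P]\!] \stackrel{\{\!|\ell|\!\}}{\Longmapsto} [\![P']\!]$ should be understood
as $[\![P]\!] \stackrel{\ell_1}{\Longmapsto} P_1 \stackrel{\ell_2}{\Longmapsto} P_2 \cdots \stackrel{\ell_m}{\Longmapsto} P_m = [\![P']\!]$, for some $P_1, P_2, \ldots, P_m$.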
Fig. 11 Encoding of $\mathsf{HO}\tilde{\pi}$ into HOπ (cf. Definition 8.2). We assume that the rest of the
encoding is homomorphic on the syntax of processes, types and labels, respectively.


Terms 

ln\{uu...,Un).Pt n\{ux)....\n\{un).lPt 

lnl(xu...,Xn).Pt nl(xi)....-,nl{xn).lPt 

ln\{Xxu...,Xn.Q).Pf n\(Az.z^(xl)....■,z^(x„).lQf).lPf 

lx(ui,...,u„)l^ (v 5)(.ici I s!(mi> _;i!(Mi).0) 

l(Ax.P)(uu...,Un)t (v5)((dx.[P]4)^|^!<Mi)....;5!<Mi).0) 

Types 

C(Ci,...,C„)^o»4 ^1=^ (?(Ci);...;?(C„);endW 
C(Ci,...,C„)^o»4 (?(Ci);...;?(C„);endWo 

C!<L>;5»4 !<«L»4>;«S»4 

C?(L);5»4 ?(«L»4);«S>4 

«!<Ci,...,C„>;5»4 !<Ci>;...;!<C„>;C5»4 

«?(Ci,...,C„);5»4 ?(Ci);...;!<C„);«5»4 

Labels 

i(v (v .. .(v m„')n\{m„) 

m, 

l(ym)n\{Axu...,x„.P }|4 (v m)n\(Az. z?(vi)....; z^x„npf) 

fn?<dxi,...,x„.P)84 n7{Az.z2(xi)....;zl(x„).lPt} 

Irpt Tfj,Ts,...,Ts 

II II4 

fTf = r,...,T 


£ 

Let -ChOrf = (HOtt,7^5 ,1 —where Ts is a set of types of HOtt^; the typing H 
is defined in Figurej^with polyadic types. 

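Definition 8.2 (Encoding from $\mathsf{HO}\tilde{\pi}$ to HOπ). Encoding $\langle [\![\cdot]\!]^4, ((\cdot))^4, \{\!|\cdot|\!\}^4 \rangle : \mathcal{L}_{\mathsf{HO}\tilde{\pi}} \to \mathcal{L}_{\mathsf{HO}\pi}$
is defined as in Figure 11.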
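
The type and label rows of the polyadic-to-monadic mapping in Figure 11 can be run on concrete session types; the Python code below is an added example, not part of the paper. It checks that the mapping commutes with duality and that the encoded label sequence of one polyadic action drives the encoded type to the encoding of the continuation. The AST classes and the functions `encode`, `dual`, `encode_label`, `advance` and `is_monadic` are names assumed here, and recursing into carried types is this example's choice.

```python
from dataclasses import dataclass

# Constructed AST for polyadic session types. All class and function names
# are this example's own; they are not notation from the paper.

@dataclass(frozen=True)
class End:                       # end
    pass

@dataclass(frozen=True)
class Name:                      # opaque first-order carried type C
    ident: str

@dataclass(frozen=True)
class Arrow:                     # (C1,...,Cn) -> <>   (linear=True for -o)
    params: tuple
    linear: bool = False

@dataclass(frozen=True)
class Send:                      # !<U1,...,Un>; S
    payload: tuple
    cont: object

@dataclass(frozen=True)
class Recv:                      # ?(U1,...,Un); S
    payload: tuple
    cont: object


def encode(t):
    """Type mapping: one monadic prefix per component of a polyadic payload."""
    if isinstance(t, (End, Name)):
        return t
    if isinstance(t, Arrow):
        if not t.params:
            raise ValueError("abstraction type needs at least one parameter")
        # (C1,...,Cn) -> <>  becomes  (?(C1);...;?(Cn);end) -> <>
        body = End()
        for c in reversed(t.params):
            body = Recv((encode(c),), body)
        return Arrow((body,), t.linear)
    if isinstance(t, (Send, Recv)):
        if not t.payload:
            raise ValueError("prefix needs at least one payload component")
        out = encode(t.cont)
        for u in reversed(t.payload):
            out = type(t)((encode(u),), out)   # keep the direction of the prefix
        return out
    raise TypeError(f"not a session type: {t!r}")


def dual(t):
    """Session duality: swap send and receive, payload types unchanged."""
    if isinstance(t, End):
        return t
    if isinstance(t, Send):
        return Recv(t.payload, dual(t.cont))
    if isinstance(t, Recv):
        return Send(t.payload, dual(t.cont))
    raise TypeError(f"no dual for: {t!r}")


def encode_label(label):
    """Label mapping for name passing: one monadic action per name carried."""
    kind, subject, names = label
    if kind not in ("!", "?"):
        raise ValueError("expected an output '!' or input '?' label")
    return [(kind, subject, (m,)) for m in names]


def advance(t, labels):
    """Consume a sequence of actions against a session type, return the rest."""
    for kind, _subject, objs in labels:
        want = Send if kind == "!" else Recv
        if not isinstance(t, want) or len(t.payload) != len(objs):
            raise ValueError("label does not match session type")
        t = t.cont
    return t


def is_monadic(t):
    """True when every prefix and abstraction carries exactly one component."""
    if isinstance(t, (End, Name)):
        return True
    if isinstance(t, Arrow):
        return len(t.params) == 1 and is_monadic(t.params[0])
    return len(t.payload) == 1 and is_monadic(t.payload[0]) and is_monadic(t.cont)


# Constructed sample: !<C1,C2>; ?((C1,C2) -> <>); end
C1, C2 = Name("C1"), Name("C2")
SAMPLE = Send((C1, C2), Recv((Arrow((C1, C2)),), End()))
```
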

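Proposition 8.5 (Type Preservation. From $\mathsf{HO}\tilde{\pi}$ to HOπ). Let $P$ be a $\mathsf{HO}\tilde{\pi}$ process. If
$\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$ then $((\Gamma))^4; \emptyset; ((\Delta))^4 \vdash [\![P]\!]^4 \triangleright \diamond$.

Proof. By induction on the inference $\Gamma; \emptyset; \Delta \vdash P \triangleright \diamond$. See Proposition C.8 (Page 87) for
details. □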

Proposition 8.6 (Operational Correspondence. From HOt? to HOtt). 

1. Let r',%',A I- P. Then r',A P i—> A' I- P' implies 
a) Ife = (v m')n\{m) then irY'AAf h [Pf ... «z('/ h [Pf with \(t = 

...tn- 

b) Ife = n?<m) then irf'AAt H [Pf ^ ^ h [pf wlf/, ... 4 . 

cj Ife e {(v m)n\{Ax.R),n7{ALR)} then «P/;«/l/ 1 - [Pf «/1'/ h [P'f with 

d) Ife e {n®l,n&l} then irf-,({Af 1 - [Pf ^ {{A'f h [P'f. 

e) Ife = 4 ; then either «P/;«/l/ h [Pf ...A {A'f h [P'f with = 

T/J,Ts . . .Tg. 

f) Ife then irf-XAt h [P]4 ^ ... ^ iA't h [P'f w/f/r f4)^ = r... r. 

2. Lef P;0;/< 1 - P. b «4li/ b Pi ImpPes 

a) Ife e {n?(m),n!(m),(v m)n\{m)] then r;A 1 - P 1 —> /)' I- P' and 

((n^ kPiA...A iA't h «p '»4 with uf = ^1.. .4. 

b) If e & {(v m)n\{Ax.R),nl{Ax.R)) then r',A P 1 —> A' h P' with {I'Y' - t and 
Pi = [P'f. 

c) Ife e {n®l,n&l} then r\A 1 - P 1 —> A' 1 - P' and Pi s [P']^. 

d) Ife = Tp then r;Ai-pAA'h P' and ({P/; h Pi A ... {A'f h «P'/ 
with lef ^Tp,Ts...Ts. 

e) Ife then r-,A h P A A' P' and «P/;«/li/ h Pi A ... A iA't h ({P'))*^ 

with -T...T. 

Proof. We present the proof for the dyadic case in Proposition C.9 (Page 88). The
polyadic case proof is a generalisation of the dyadic case proof. □

Proposition 8.7 (Full Abstraction. From HOtt'*' to HOtt). Let P, Q HOif process with 
r;®;Ai I- P>o and P; 0 ;zl 2 ^ Q>0- P',Ai 1 - P A 2 b Q if and only if CT))^;({^i))‘^ b 
IPf (<^ 2 / b IQt 

Proof. The proof for both directions is a consequence of Operational Correspondence,
Proposition 8.6.

Soundness Direction. 

We create the closure 

% = {P-Ai H P , 2 I 2 H 2 I «P>/;«2Ii>4 ^ ((^ 2 / b IQf] 

It is straightforward to show that !R is a bisimulation if we follow Part 2 of Proposi¬ 
tion |83| 

Completeness Direction. 

We create the closure 

% = {«P/;«4(i>" b IPf , iA2f b IQf I P; 2 li h P^"zl 2 b g) 


We show that !R is a bisimulation up to deterministic transitions by following Part 1 of 
Proposition [8^ □ 
Proposition 8.8 (Precise encoding of HOtt'*' into HOtt). The encoding from -Cho^ to 
-CiHOff precise. 

Proof. Syntactic requirements are easily derivable from the definition of the mappings
in Figure 11. Semantic requirements are a consequence of Proposition 8.5,
Proposition 8.6 and Proposition 8.7. □

9 Related Work 

Expressiveness in Concurrency. There is a vast literature on expressiveness studies
for process calculi; we refer to ll^ for a survey (see also Il40l § 2.3]). In particular,
the expressive power of the π-calculus has received much attention. Studies cover, e.g.,
relationships between first-order and higher-order concurrency (see, e.g., i48l47l l),
comparisons between synchronous and asynchronous communication (see, e.g., Il7l37l2l ),
and (non)encodability issues for different choice operators (see, e.g., 1361421). To
substantiate claims related to (relative) expressive power, early works appealed to different
definitions of encoding. Later on, proposals of abstract frameworks which formalise
the notion of encoding and state associated syntactic and semantic criteria were put
forward; recent proposals are 0161121.541 . These frameworks are applicable to different
calculi, and have proven useful to clarify known results and to derive new ones. Our
formulation of (precise) typed encoding (Definition 5.5) builds upon existing proposals
(including 0371161281 1) in order to account for the session type systems associated to the
process languages under comparison.

Expressiveness of Higher-Order Process Calculi. Early expressiveness studies for
higher-order calculi are [52,48]; more recent works include [8,28,29,55,56]. Due to the
close relationship between higher-order process calculi and functional calculi, works
devoted to encoding (variants of) the λ-calculus into (variants of) the π-calculus (see,
e.g., [45,11,58,3,51]) are also worth mentioning. The work [48] gives an encoding of
the higher-order π-calculus into the first-order π-calculus which is fully abstract with
respect to reduction-closed, barbed congruence. A basic form of input/output types is
used in P9l, where the encoding in is cast in the asynchronous setting, with
output and applications coalesced in a single construct. Building upon ll4^, a simply
typed encoding for synchronous processes is given in [50]: the reverse encoding
(i.e., first-order communication into higher-order processes) is also studied there for
an asynchronous, localised π-calculus (only the output capability of names can be sent
around). The work BTlI studies hierarchies for calculi with internal first-order mobility
and with higher-order mobility without name-passing (similarly as the subcalculus
HO). The hierarchies are based on expressivity; formally defined according to the order
of types needed in typing, they describe different “degrees of mobility”. Via fully
abstract encodings, it is shown that name- and process-passing calculi with equal
order of types have the same expressiveness. With respect to these previous results, our
approach based on session types has several important consequences and allows us to
derive new results. Our study reinforces the intuitive view of “encodings as protocols”,
namely session protocols which enforce precise linear and shared disciplines for names,
a distinction not investigated in [48,49]. In turn, the linear/shared distinction is central in
proper definitions of trigger processes, which are essential to encodings and behavioural
equivalences. More interestingly, we showed that HO, a minimal higher-order session
calculus (no name passing, only first-order application) suffices to encode π (the session
calculus with name passing) but also HOπ and its extension with higher-order
applications (denoted HOπ⁺). Thus, using session types all these calculi are shown to
be equally expressive with fully abstract encodings. To our knowledge, these are the
first expressiveness results of this kind.

Other related works are [8,55,29]. The paper JS) proposes a fully abstract,
continuation-passing style encoding of the π-calculus into Homer, a rich higher-order process
calculus with explicit locations, local names, and nested locations. The work [55] studies
the encodability of the higher-order π-calculus (extended with a relabelling operator)
into the first-order π-calculus; encodings in the reverse direction are also proposed,
following [52]. A minimal calculus of higher-order concurrency is studied in [29]: it
lacks restriction, name passing, output prefix (so communication is asynchronous), and
constructs for infinite behaviour. Nevertheless, this calculus (a sublanguage of HO) is
shown to be Turing complete. Moreover, strong bisimilarity is decidable and coincides
with reduction-closed, barbed congruence.

Building upon [53], the work [55] studies the (non)encodability of the π-calculus
into a higher-order π-calculus with a powerful name relabelling operator, which is
shown to be essential in encoding name-passing. A core higher-order calculus is studied
in [29]: it lacks restriction, name passing, output prefix and constructs for infinite
behaviour. This calculus has a simple notion of bisimilarity which coincides with
reduction-closed, barbed congruence. The absence of restriction plays a key role in the
characterisations in [29]: hence, our characterisation of contextual equivalence for HO
(which has restriction) cannot be derived from that in [29].

In [28] the core calculus in [29] is extended with restriction, synchronous
communication, and polyadicity. It is shown that synchronous communication can encode
asynchronous communication, and that process passing polyadicity induces a hierarchy
in expressive power. The paper l5^ complements 1^ by studying the expressivity of
second-order process abstractions. Polyadicity is shown to induce an expressiveness
hierarchy; also, by adapting the encoding in [48], process abstractions are encoded into
name abstractions. In contrast, we give a fully abstract encoding of HOπ⁺ into HO that
preserves session types; this improves [28,56] by enforcing linearity disciplines on
process behaviour. The focus of [28,56] is on the expressiveness of untyped, higher-order
processes; they do not address tractable equivalences for processes (such as higher-order
and characteristic bisimulations) which only require observation of finite higher-order
values, whose formulations rely on session types.


Session Typed Processes. The works [10,9] study encodings of binary session calculi
into a linearly typed π-calculus. While [10] gives a precise encoding of π into a linear
calculus (an extension of Q), the work [9] gives the operational correspondence (without
full abstraction, cf. Definition 5.3-4) for the first- and higher-order π-calculi into
123. They investigate an embeddability of two different typing systems; by the result
of [10], HOπ⁺ is encodable into the linearly typed π-calculi.

The syntax of HOπ is a subset of that in [33,35]. The work ll^ develops a full
higher-order session calculus with process abstractions and applications; it admits the
type U = U1 → U2 ⋯ Un → ◇ and its linear type t/* which corresponds to U→◇ and
U⊸◇ in a super-calculus of HOπ⁺ and HOπ. Our results show that the calculus in [33] is
not only expressed but also reasoned in HO (with limited form of arrow types, C→◇ and
C⊸◇), via precise encodings. None of the above works proposes tractable bisimulations
for higher-order processes.

Other Works on Typed Behavioural Equivalences. Since types can limit contexts
(environments) where processes can interact, typed equivalences usually offer coarser
semantics than untyped semantics. The work [43] demonstrated that IO-subtyping can
equate the optimal encoding of the λ-calculus by Milner which was not in the untyped
polyadic π-calculus EH. After [43], many works on typed π-calculi have investigated
correctness of encodings of known concurrent and sequential calculi in order to examine
semantic effects of proposed typing systems.

The type discipline closely related to session types is a family of linear typing
systems. The work ll2^ first proposed a linearly typed reduction-closed, barbed congruence
and reasoned about a tail-call optimisation of higher-order functions which are encoded
as processes. The work [57] had used a bisimulation of graph-based types to prove the
full abstraction of encodings of the polyadic synchronous π-calculus into the monadic
synchronous π-calculus. Later typed equivalences of a family of linear and affine
calculi [3,58,4] were used to encode PCF [44,30], the simply typed λ-calculi with sums and
products, and system FQa fully abstractly (a fully abstract encoding of the λ-calculi
was an open problem in ifMl). The work ll5^ proposed a new bisimilarity method
associated with linear type structure and strong normalisation. It presented applications
to reason about secrecy in programming languages. A subsequent work [20] adapted these
results to a practical direction. It proposes new typing systems for secure higher-order
and multi-threaded programming languages. In these works, typed properties, linearity
and liveness, play a fundamental role in the analysis. In general, linear types are suitable
to encode “sequentiality” in the sense of [21,1].


Typed Behavioural Equivalences. This work follows the principles for session type
behavioural semantics in [27,26,41] where a bisimulation is defined on an LTS that
assumes a session typed observer. Our theory for higher-order session types differs
from the work in [27,26], which considers the first-order binary and multiparty session
types, respectively. The work [41] gives a behavioural theory for a logically motivated
language of binary sessions without shared names.

Our approach for the higher-order builds upon techniques by Sangiorgi [48,46]
and Jeffrey and Rathke [22]. The work [48] introduced the first fully-abstract encoding
from the higher-order π-calculus into the π-calculus. Sangiorgi’s encoding is based
on the idea of a replicated input-guarded process (called a trigger process). We use
a similar replicated triggered process to encode HOπ into π (Definition 6.4).
Operational correspondence for the triggered encoding is shown using a context bisimulation
with first-order labels. To deal with the issue of context bisimilarity, Sangiorgi proposes
normal bisimilarity, a tractable equivalence without universal quantification. To prove
that context and normal bisimilarities coincide, [48] uses triggered processes. Triggered
bisimulation is also defined on first-order labels where the contextual bisimulation is
restricted to arbitrary trigger substitution. This characterisation of context bisimilarity
was refined in [22] for calculi with recursive types, not addressed in [46,48] and
relevant in our work. The bisimulation in [22] is based on an LTS which is extended with
trigger meta-notation. As in [46,48], the LTS in Eli observes first-order triggered
values instead of higher-order values, offering a more direct characterisation of contextual
equivalence and lifting the restriction to finite types.
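
The replicated-trigger idea described above, as an added example that is not from the paper: a toy untyped calculus in Python in which an abstraction is sent either directly or as a fresh trigger name guarded by an input, and the observable outputs of both runs are compared. All class and function names are hypothetical, types are ignored, restriction (ν t) is modelled by generating a fresh name, and the sample program is constructed; the `replicated=False` switch shows that a non-replicated trigger serves only one application.

```python
from dataclasses import dataclass
from itertools import count

# Toy untyped syntax, constructed for this example. Names are plain strings
# and the inactive process 0 is None.
@dataclass(frozen=True)
class Lam:                    # abstraction  λvar.body
    var: str
    body: object

@dataclass(frozen=True)
class Out:                    # chan!<val>.cont  (val is a name or a Lam)
    chan: str
    val: object
    cont: object = None

@dataclass(frozen=True)
class In:                     # chan?(var).body ; rep=True means *chan?(var).body
    chan: str
    var: str
    body: object
    rep: bool = False

@dataclass(frozen=True)
class App:                    # application (fun arg)
    fun: object
    arg: str

@dataclass(frozen=True)
class Par:                    # left | right
    left: object
    right: object

def subst(p, var, val):
    """p{val/var}. Binders in the sample are pairwise distinct, so no renaming is needed."""
    if p is None:
        return None
    if isinstance(p, str):
        return val if p == var else p
    if isinstance(p, Lam):
        return p if p.var == var else Lam(p.var, subst(p.body, var, val))
    if isinstance(p, Out):
        return Out(subst(p.chan, var, val), subst(p.val, var, val), subst(p.cont, var, val))
    if isinstance(p, In):
        body = p.body if p.var == var else subst(p.body, var, val)
        return In(subst(p.chan, var, val), p.var, body, p.rep)
    if isinstance(p, App):
        return App(subst(p.fun, var, val), subst(p.arg, var, val))
    return Par(subst(p.left, var, val), subst(p.right, var, val))

def flatten(p, soup):
    """Split parallel compositions into a flat list of threads."""
    if isinstance(p, Par):
        flatten(p.left, soup)
        flatten(p.right, soup)
    elif p is not None:
        soup.append(p)

def step(soup):
    """Perform one reduction (application or communication); False when stuck."""
    for i, t in enumerate(soup):
        if isinstance(t, App) and isinstance(t.fun, Lam):
            soup.pop(i)
            flatten(subst(t.fun.body, t.fun.var, t.arg), soup)
            return True
    for i, o in enumerate(soup):
        for j, r in enumerate(soup):
            if isinstance(o, Out) and isinstance(r, In) and r.chan == o.chan:
                for k in sorted({i} if r.rep else {i, j}, reverse=True):
                    soup.pop(k)          # a replicated input stays available
                flatten(o.cont, soup)
                flatten(subst(r.body, r.var, o.val), soup)
                return True
    return False

def barbs(p, max_steps=1000):
    """Run p and return the pending outputs on non-trigger names."""
    soup = []
    flatten(p, soup)
    for _ in range(max_steps):
        if not step(soup):
            break
    return sorted((t.chan, t.val) for t in soup
                  if isinstance(t, Out) and isinstance(t.val, str)
                  and not t.chan.startswith("_t"))

_fresh = count()

def encode(p, replicated=True):
    """First-order translation: an abstraction is sent as a fresh trigger name."""
    if p is None:
        return None
    if isinstance(p, Par):
        return Par(encode(p.left, replicated), encode(p.right, replicated))
    if isinstance(p, In):
        return In(p.chan, p.var, encode(p.body, replicated), p.rep)
    if isinstance(p, App):
        if isinstance(p.fun, Lam):
            return encode(subst(p.fun.body, p.fun.var, p.arg), replicated)
        return Out(p.fun, p.arg)                      # (y a) becomes y!<a>
    if isinstance(p.val, Lam):
        t = f"_t{next(_fresh)}"                       # fresh name stands in for (ν t)
        trigger = In(t, p.val.var, encode(p.val.body, replicated), replicated)
        return Par(Out(p.chan, t, encode(p.cont, replicated)), trigger)
    return Out(p.chan, p.val, encode(p.cont, replicated))

# Constructed sample: the value λx.x!<ok> is sent on n and applied twice.
CODE = Lam("x", Out("x", "ok"))
PROGRAM = Par(Out("n", CODE), In("n", "y", Par(App("y", "a"), App("y", "b"))))

if __name__ == "__main__":
    print(barbs(PROGRAM))                              # higher-order run
    print(barbs(encode(PROGRAM)))                      # replicated trigger
    print(barbs(encode(PROGRAM, replicated=False)))    # non-replicated trigger
```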

We contrast the approach in [22] and our approach based on higher-order and
characteristic bisimilarities. Below we use the notations adopted in [22].

i) The work [22] extends the first-order LTS for a trigger interaction whereas our
work uses the higher-order LTS.

ii) The output of a higher-order value λx.Q on name n in [22] requires the output of
a fresh trigger name t (notation t?) on channel n and then the introduction of a
replicated triggered process (notation (f Hence we have:

(v t)n\(Ti) , r?(v) , 

P P'\(t^ix)Q)^P'\(x)Qv\{t^(x)Q) 

In our characteristic bisimulation, we only observe an output of a value that can be 
either first- or higher-order as follows: 



with V = λx.Q or V = m.

A non-replicated triggered process (f V) appears in the parallel context of the
acting process when we compare two processes for behavioural equality (cf.
Definition 4.13). Using the LTS in Definition 4.1 we can obtain:


P'\t<^ Ax. Q 


Az.zP.{y).*n(x).(yx) 


P' I (V 5)(5?(y).H< f?(x).(yv) I U(Tx.e).O) 
P' I * tl{y).{{Ax.Q)y) 


that simulates the approach in [22].

In addition, the output of the characteristic bisimulation differs from the
approach in [22] as listed below:

- The typed LTS predicts the case of linear output values and will never allow
replication of such a value; if V is linear the input action would have no
replication operator, as λz.z?(y).t?(x).(yx).

- The characteristic bisimulation introduces a uniform approach not only for
higher-order values but for first-order values as well, i.e. a triggered process can
accept any process that can substitute a first-order value as well. This is derived
from the fact that the HOπ-calculus makes no use of a matching operator, in
contrast to the calculus defined in [22] where name matching is crucial to
prove completeness of the bisimilarity relation. Instead of a matching operator,
we use types: a characteristic value inhabiting a type enables the simplest form
of interactions with the environment.

- Our HOπ-calculus requires only first-order applications. Higher-order
applications, as in [22], are presented as an extension in the HOπ⁺ calculus.

- Our trigger process is non-replicated. It guards the output value with a
higher-order input prefix. The functionality of the input is then used to simulate the
contextual bisimilarity that subsumes the replicated trigger approach (cf.
Section 4.5). The transformation of an output action as an input action allows for
treating an output using the restricted LTS (Definition 4.10):


P'\t< 


^(Ax.lUY) , 
■ Ax.Q V4 P' 


(V 5)([t/r5i5!(/ix.e).o) 


iii) The input of a higher-order value in [22] requires the input of a meta-syntactic
fresh trigger, which is then substituted for the application variable; thus the
meta-syntax is extended to represent applications, e.g.:


nl{x).P -4 {{Ax.P)Tk)- 


P{^klx] 


Every instance of process variable x in P is substituted with the trigger value to
give an application of the form {tj^x). In contrast, the approach in the characteristic
bisimulation observes the triggered value λz.t?(x).(xz) as an input instead of the
meta-syntactic trigger;

n?(x).P 1 -^ p[Az.f}{x).{xz)lx) 

Every instance of process variable x in P is substituted to give an application of the
form (λz.t?(x).(xz))v. Note that in the characteristic bisimulation, we can also
observe a characteristic process as an input.

iv) Triggered applications in [22] are observed as an output of the application value
over the fresh trigger name;

TkV -> 0 

In contrast, in the characteristic bisimulation we have two kinds of applications: i)
the trigger value application allows us to simulate an application on a fresh trigger
name, ii) the characteristic value application allows us to inhabit an application
value and observe its interaction with the environment as below;


r tl{Ax. iUY) 

(dz.f?(x).(xz))y ^ f?(x).(xv) (Ax.iur)v

A Type Soundness

We state type soundness of our system. As our typed process framework is a sub-calculus
of that considered by Mostrous and Yoshida, the proof of type soundness
requires notions and properties which are specific instances of those already shown
in Ea. We begin by stating weakening and strengthening lemmas, which have
standard proofs.

Lemma A.1 (Weakening - Lemma C.2 in [35]).

- If Γ;Λ;Δ ⊢ P ▷ ◇ and x ∉ dom(Γ,Λ,Δ) then Γ·x : S→◇;Λ;Δ ⊢ P ▷ ◇

Lemma A.2 (Strengthening - Lemmas C.3 and C.4 in [35]).

- If Γ·x : S→◇;Λ;Δ ⊢ P ▷ ◇ and x ∉ fpv(P) then Γ;Λ;Δ ⊢ P ▷ ◇

- If Γ;Λ;Δ·s : end ⊢ P ▷ ◇ and s ∉ fn(P) then Γ;Λ;Δ ⊢ P ▷ ◇

Lemma A.3 (Substitution Lemma - Lemma C.10 in [35]).

1. Suppose Γ;Λ;Δ·x : S ⊢ P ▷ ◇ and s ∉ dom(Γ,Λ,Δ). Then Γ;Λ;Δ·s : S ⊢ P{s/x} ▷ ◇.

2. Suppose Γ·x : ⟨U⟩;Λ;Δ ⊢ P ▷ ◇ and a ∉ dom(Γ,Λ,Δ). Then Γ·a : ⟨U⟩;Λ;Δ ⊢ P{a/x} ▷ ◇.

3. Suppose Γ;Λ1·x : C⊸◇;Δ1 ⊢ P ▷ ◇ and Γ;Λ2;Δ2 ⊢ V ▷ C⊸◇ with Λ1,Λ2 and Δ1,Δ2
defined. Then Γ;Λ1·Λ2;Δ1·Δ2 ⊢ P{V/x} ▷ ◇.

4. Suppose Γ·x : C→◇;Λ;Δ ⊢ P ▷ ◇ and Γ;∅;∅ ⊢ V ▷ C→◇. Then Γ;Λ;Δ ⊢ P{V/x} ▷ ◇.

Proof. In all four parts, we proceed by induction on the typing for P, with a case
analysis on the last applied rule. □

We now state the instance of type soundness that we can derive from [35]. It is worth
noticing the definition of structural congruence in [35] is richer. Also, their statement
for subject reduction relies on an ordering on typings associated to queues and other
runtime elements (such extended typings are denoted A in [35]). Since we are working
with synchronous communication we can omit such an ordering.

We now repeat the statement of Theorem 3.1 in Pagefl^

Theorem A.1 (Type Soundness - Theorem 3.1).

1. (Subject Congruence) Suppose Γ;Λ;Δ ⊢ P ▷ ◇. Then P ≡ P′ implies Γ;Λ;Δ ⊢ P′ ▷ ◇.

2. (Subject Reduction) Suppose Γ;∅;Δ ⊢ P ▷ ◇ with balanced Δ.

Then P → P′ implies Γ;∅;Δ′ ⊢ P′ ▷ ◇ and Δ = Δ′ or Δ → Δ′.

Proof. Part (1) is standard, using weakening and strengthening lemmas. Part (2)
proceeds by induction on the last reduction rule used. Below, we give some details:

1. Case [App]: Then we have

P = (λx.Q) u → Q{u/x} = P′

Suppose Γ;∅;Δ ⊢ (λx.Q)u ▷ ◇. We examine one possible way in which this assumption
can be derived; other cases are similar or simpler;

r;&-A-{x:S}i-Q>o r';®; {x: S} i-x>S 


F; ®; A h Ax. Q>S -oo 


r-,®-,{u:S]\-u>S 


F', ®; A ■ u : S i- (Ax. Q)u>o 

Then, by combining premise Γ;∅;Δ·{x : S} ⊢ Q ▷ ◇ with the substitution lemma
(Lemma [3.1[ l)), we obtain Γ;∅;Δ·u : S ⊢ Q{u/x} ▷ ◇, as desired.

2. Case [Pass]: There are several sub-cases, depending on the type of the communication 
subject n and the type of the object V. We analyze two representative sub-cases: 

(a) n is a shared name and V is a name v. Then we have the following reduction;

P = n!⟨v⟩.Q1 | n?(x).Q2 → Q1 | Q2{v/x} = P′

By assumption, we have the following typing derivation: 

T; 0;/li -{v : 5 )-zl 3 h n\{v).Qi \ nl(x).Q 2 >o 
where ( [29] l and ( |30l l are as follows: 

r-n:<5);0;0hn><5) T; 0; zli i-Qi >o T; 0; {v : 5) h v>5 


T; 0; /fi • {v : 5) I- n\{v).Qi >o 
r' ■ n : (5); 0; 0 1 - n>(5) F',®; A^ ■ x : S h Q 2 >o 
F; 0;ZI 3 I- nl(x).Q 2 >o 

Now, by applying LemmajTTJl) on T; 0; z )3 ■ x : 5 h 02>0 we obtain 
F;®;A2-v:S h Q2{^lx]>o 

and the case is completed by using rule [Par] with this judgment: 

r;0;zli h >0 F',®', A 2 ,-v ■. S'r Q 2 {^I x]>o 

F-,®-,Ai -A^-v.SkQil Q2 {''Ix}>o 
Observe how in this case the session environment does not reduce. 


(29) 

(30) 


(b) n is a shared name and V is a higher-order value. Then we have the following
reduction;

P = n!⟨V⟩.Q1 | n?(x).Q2 → Q1 | Q2{V/x} = P′

By assumption, we have the following typing derivation (below, we write L to
stand for C→◇ and Γ to stand for Γ′ \ {x : L}).

([^ ([sgi 


T; 0;zli -A^ F n\{v).Qi \ nl(x).Q 2 ><> 
where ( [3T| l and ( [32] l are as follows: 

r;0;0i-«><L) r;0;zli i-2i>o F-,®-,®'rV>L 

T; 0;zli h n!<y).2i>o 

r;0;0i-n><L> T'; 0 ;/<3 1-02 >0 r';0;0i-x>L 


(31) 


F\ 0;ZI 3 h nl(x).Q 2 ><> 


( 32 )
Now, by applying Lemma [TTt 4) on F' \ {x \ L}-, Q 2 >o and T; 0; 0 i- V>L

we obtain 

T; 0;/<3 h Q2{'^Ix)>o 

and the case is completed by using rule [Par] with this judgment: 

r-%-AihQi>o r;0;zl3b62{'^/4>o 
r;(d;Ai ■/<3 I- I Q2['^Ix]>o 

Observe how in this case the session environment does not reduce. 

3. Case [Sel]: The proof is standard, the session environment reduces.

4. Cases [Par] and [Res]: The proof is standard, exploiting induction hypothesis.

5. Case [Cong]: follows from Theorem 3.1 (1).

□ 


B Behavioural Semantics 

We present the proofs for the theorems in Section]^ 


B.1 Proof of Theorem 4.1

We split the proof of Theorem 4.1 (Page 22) into several lemmas:


- Lemma B.1 establishes = ss^.s
- Lemma B.4 exploits the process substitution result (Lemma |4^ to prove that
- Lemma B.5 shows that a; is a congruence which implies aiCs.
- Lemma B.8 shows that sCss^.


We now proceed to state and prove these lemmas, together with some auxiliary results.

Lemma B.l. 


Proof. We only prove the direction x^Qx^. The direction x^Qx^ is similar. 

Consider 

%^[r-Ax^p,A2 ^q I r-Ax^P^^A2^Q] 

We show that is a characteristic bisimulation. The proof does a case analysis on the 
transition label (. 

- Case £ -{v rn\)n\{Vi) is the non-trivial case. 

If 


r-jihP 


(v mi)n!<V|> 


A[ h P' 


(33) 


then 32, V ’2 such that 


C;32 h Q 


(v m2)n\{V2) 


A’^Q’ 


(34)
and for fresh f;


r;0; A[ h (vmi)(P' \ tl(x).(v s)(xs\ i!<yi).0)) 

Zl 2 h (v m 2 )(Q' I f?(x).(v I i!<y2).0)) 

From the last result we can derive that for r-,%-,A)-V\>U: 

r;0; A\ h (v m){P' I f?(x).(v s)(xs \ i!<yi).0)) 

r?<I?(C/);end]’'> 

^ A'{ h (v mi)(P’ I (v s)([?(t/); endf I s!<yi).0)) 


implies 


r;0; zl' h (v m 2 )(Q’ \ f?(x).(v s)(xs \ s!(y 2 ). 0 )) 

^ ^2 ^ '«2)(e' I (V ^)(I?(t/); endF I ^!<y2).0)) 


and r;0;zl' )-V 2 >U. 

Transition (j3^ implies transition (34 1 . It remains to show that for fresh t: 


r-%-A[ h {vm){P' I t?(x).(v i)([?(t/);end]^ |i!<yi).0)) 
zl 2 h (y m 2 )(e' I f?(x).(v s)muy,endY I ^!<y2).0)) 


The freshness of t implies that 

r;0; zl'j h (vmi)(P' | f?(x).(v s)(i7{U);endY I i!<yi).0)) 
A'( H (vmiXF I (v i)([?(t/);endF |i!<yi).0)) 


and 

r;0; 4 h (vm 2 )(e' I f?(x).(v i)([?(t/); endF I ^!<y2).0)) 

A- H (V m 2 ){Q' I (V 5)(I?(t/); endF I ~^'-{V2}-0)) 

which coincides with the transitions for 
- The rest of the cases are trivial. 

The direction is very similar to the direction it requires a case analysis 

on the transition label £. Again the non-trivial case is ^ = (v mi)«!(yi). □ 

The next lemma implies a process substitution lemma as a corollary. Given two
processes that are bisimilar under triggered substitution and characteristic process
substitution, we can prove that they are bisimilar under every process substitution. This
result is the key result for proving the soundness of the bisimulation.

Lemma B.2 (Linear Process Substitution). If 

1. fpv(P2) = £PV(22) = (x). 

2 . r;x: i-P2>o and r;x : H 22>o- 

3. r-,A\ h (vmi)(Pi I P 2 {^^-t'^-^y">-(y^">ix}) a'^ {vmyQi \ 22 H^-^-W-Cyx)/ 4 ), 

for some fresh t. 

4. r-A'; h (v mi)(Pi I P 2 {lVlclx)) A'^ h (v mzXGi I 
for some U.
then VR such that fv(7?) = x

r-,Ai h (V miXPi I P2{^^-J^/x]) A2 h (v m2){Qi \ 

Proof. We create a bisimulation closure: 

= [P-A, h (v nn){P, I P2{^~^-RIx]),A2 h (v m 2 ){Qx \ | 

such that fv(7?) = x, fpv(P 2 ) = £pv( 22 ) = l-*^) 
r;x: U-,A”' hP 2 >o,r\x\ U^A'f h 22>o 
for fresh f, 

r;zi; h (v mi)(Pi I 2 I 2 h (v m2)(0i I 22 {^^-^'W-Cy^Vx)), 

r-A'( h (v miKPi I P 2 {iUlolx]) 4' h (v m 2 )(ei I for some U 

) 

We show that is a bisimulation up-to jS-transition (Lemma [4.3| l. 

We do a case analysis on the transition: 

r\Ai h (v miWii^x.Rjx] I Pj^{Xx.Rix}) \ A\ h P\ 

- Case: P 2 4 xn for some h. 

r-A, h (V mi)(Pi I P2{^^-^/4) ^ ^'1 H (y m\){Pi \ 

From the latter transition we obtain that 

r;0; zli h (vmiXPi | P2{^^-^'(>’^-0'%x)) 

Zi; 1 - P' = (v mi)(P; I P'^\^x.tl(y).(yx)ip^) 

which implies 

P;0; /I 2 h (vm2)(0i I Q2{^'^-t^myx)lx)) 

^A'^^Q' = {v m2){Q\ I 0^{dx.t?(y).(yx)/;,)) 

P;4hP'|Ci ^"4he'|C2 

Furthermore, we have: 

r-Ai H (v miXPi I P2{Kf^3c/x)) ^ . 1 ; h P" = (y m;)(P'i | i 
which implies 

P;0; ^2b(ym2XGi I02{^^V4) 

4 h 0" = (y m2')(0'i I 02{^^^04) 

P;.i;hP"|Ci ^"2l^h0"|C2 


(35) 

(36) 


P'AlPloIx]) 


(37) 

(38)
From ( |35| ) and ( |T7] ) we obtain that V/? with £v(R) - x:

r-M F (V mzXGi I Qii^^-Rlx]) zl^ h (y m 2 '){Q\ \ 

The case concludes if we combine ( [36l l and ( [38] l, to obtain that 'iR with fv(/?) = x 
r'-A'l h (y m'){P\ I P^{^^-^/x)) I Cl Zl" H (y m 2 '){Qi \ | C 2 


- Case: P 2 - xh for some n. 

V/? with £v(R) - X 

C;0; zli h (y mi)(Pi | (xn){^^'^/x)) 
izf; h(ym;)(Piimx)) 

From the latter transition we get that: 


r\%',A\ h (ymi)(Pi I xn{"^^-^'^Cy)'(>’^)/x)) 

tr tl{AxA'l{y).{yx)) ~ i- /o/ \ / ~\ 

I—> I—> zlj h (y mj)(Pi I xh\^^-^ ?Cy)-Cvx)/;i;j) 


(39) 


and t' a fresh name. From the freshness of f, the determinacy of the application transition 
and the fact that x is linear in Q 2 it has to be the case that: 


t=> 

rp tl{Ax.t'l(y).(yx)) 


r;0;zl^ h (y»^)(0i | •(>’(•(>’^Vx)) 

(y m'^)(Q'( I 23 I xm{^^-f?(3')-ty^)/x)) 

ZI2 F {v I xm{^^-^^^Cy)-(>’^)/x)) 


and 


r;0; zl'j F (y | xn{^^-f'?Cy)-Cv%x)) 

ss" A'^ F (y m2')(2i I xm{^^-^'?(y)-(3'^)/x)) 


From the latter transition we can conclude that V/? with £v{R) - {x): 

r;0;Zl^F(ym')(2iie2{^^-^/x)) 

t=> (y m 2 )( 2 i I ■*^{'^^'^/x)) 

^ Zl"F(ym')(e;|/?r/x)) 

From the definition of S and ( |40l i, we also conclude that 

r-A\ F (y m;)(Pi I R{nlx]) ^ ^ [y rn 2 '){Q\ \ R^lx]) 


(40) 


□ 

We can generalise the result of the linear process substitution lemma to prove
process substitution (Lemma 4.2). Intuitively, we can subsequently apply linear process
substitution to achieve process substitution.

Lemma B.3 (Process Substitution). If

1. r-,A\ h A 2 h e{^^-'-W-Cy^)/x) for some fresh t.

2. r-A'{ h P{i'Ulolx} zf" h Q{l'Ulolx} for some U. 

then 'iR such that fv(/?) = x 


r-Ai H P{'^^-R/x} A2 h 

Proof. We define a closure % using the normal form of P and Q 


% = [P-Ax H {vmi){Px[^^-Rlx) I P2{^^-RIx)),A2 h (vm2)(ei{^^-^/4 I \ 

PR such that fv(R) - x, 

r;(li;A[i-(vmi)(Pi{‘ix.n(y).(yx)/x}\P2{'<-Ptl(y).(yx)/x}) 
or res f, ^ 2 )( 2 i{^^-f? 0 ')-(y ^)/4 | W-0'^)/4) 


for some U, 

) 


r;0; A'{ h (vmi)(Pi{Wh/x} \ P2{^’^^o/x}) 
zl" h (y m 2 )(ei{^f^ 3 c/x) I e 2 {^^ 3 c/x)) 


We show that is a bisimulation up to y6-transition (Lemma [4.3| l. 
- Case; P 2 4^ xh for some h. 


r;0; zli h (y mi)(f’i{^^-'^/x) | P 2 {^^-Rlx]) 

Zi; h (y ifi\){Pi{^x.Rix] I p'^{Xx.Rix]) (41) 

The case is similar to the first case of Lemma 1531 
- Case: P 2 - xh for some h. 

C;0; zli h (y mi)(Pi{^^-^/x) | xn{^^'^/x)) 

^ Zl'j h (y m\){Pi{^x-Rlx} I R{nlx]) 

From the latter transition we get that: 


r-,%-,Ai h (ymi)(Pi{^^-f?0')-(>'^)/x) I xh{^x.tl(y).lyx)ix)) 

^ (y„^j')(Pj{4x.f?(y).(yx)/4 |3,/,{4x.r'?(y).(yx)/y)) (42) 


and t' a fresh name. From the freshness of t and the determinacy of the application 
transition it has to be the case that; 


t=> 

r/j n{Ax.t"!(y).(jx)) 


r-,%-,A '2 h {vm 2 ){Q\{'^^-t^(y)-(yx)lx] \ Q2{'^x.t1(y).(yx)lx]) 

(y OT 2 ')( 2 iH^-^- 0 ')-(>'^)/x) I g^{4x.f?Cy).(yx)/;(;) | xm{'^x.tl(y).(yx)lx]) 

Zl" H {vm2){iQ\ I Q'2){^x.n(y).{yx)lx}\ym{^Pt'l(y).{yx)lyy^ 


Let Q 2 such that 

r;0; zl h (ym 2 ')(Gi I 23){4Lt?Cy).Cyx)/;c){4x.t'?(y).(yx)/y) 

1 =^ zl' H {vm 2 ){{Q\ I Q' 2 ){‘^x.my).iyx)lx)\ym{‘^x.t'l{y).(yx)ly])
From Lemma [B^ we get that V/? with fv{R) - x

r;0; Zl'" h (vmi')(Pi{^^-n(y)-(yx)/x}\yn{^x.R/y}) 

Zl' ^{vm2'){{Qi\Q^){^x.myUyx)i^^[Ax.RiyY^ 

From ( pT] ) we get that 

r;0; A' h (vmiOCCGl I Q2){^x.tl(y).{yx)i^][Ax.Riy]) 
Zl" h (vm2')((e; I Q'^){^x.tl(y).{yx)l^] | 

and from the definition of 

r;0; A'( h (vmi')(Fi{^^-'^/x) |yn{^^-^/y)) 
^A'^^iv m2'){{Q\ I I ym{^x.Riy^) 

as required. 

Lemma B.4. <Zx 


Proof. Let 


r;zliHFi ^"zljh^i 


The proof is divided on cases on the label { for the transition; 


F;zIihPi 


zl'i h P2 


- Case: ( i {(v rni)n\{Ax.P},(v in\)n\{in\),nl{Ax.P)] 
For the latter { and transition in ( |4T| l we conclude that: 

r',A2 H Q\ t=> zlj I- Q 2 


and 

r-,A\yP2 ^"4^22 

The above premise and conclusion coincides with defining cases for ^ in 
- Case: £ - nl{Ax.P) 

Transition in ( |43| ) concludes: 

nl(Ax.lUY) „,,„r 

r-,Ai^Pl A\^P 2 {‘^x.IUYI x) 

r;zlil-Pi 1 -^ A'lhP 2 {^x.niy).{yx)ix} 

The last two transitions imply; 


r\A2 h 2i 
F;zl2 F Qi 


nlUx.lUY) 


A’ 


nl(Ax. t?(y).(yx)) 


^Q2lAUPf/x) 

^2 F Q2{'^x.t?(y).(yx)/j,j 


□ 


(43) 


r;A[ h P2{^x. lUYlx] 

r;A'{ h P2{^x.n(y).(yx)/x} A'.^ h Q2{‘^x.tl(y).(yx)/x} 


and
To conclude from ( |4.2| i that V/? with fv(R) - x

r-A\ h ^"zi' h Q2[^^-’^Ix] 


as required. 

- Case: £ -{v m\}n\{Ax. P) 

From transition (|4^ we conclude: 


r-,A2 I- Qi 


(v m2)n\{Ax. Q) 


4^22 


and for fresh t 


r;0; zl'j h {vmi){P 2 \ tl{x).{v i)( 2 i:i | i!{/lx.P).0)) 

Zl^ h (v m 2 ){Q 2 I tl{x).{v s){x s I s!(AL 0.0)) 

From the previous case we can conclude that VP with fpv(R) - (x): 

r;0; zl'j h {yin\)(P 2 \ f?(x).(v s){xs \ s\{Ax.P}.0)) 

—i (vmi)(P 2 l(vi)(s?(x)./?| s!</lx.P>.0)) 

^ A'(^(vm)(P2\R{'^^-P/x}) 

and 

r- 0; zl^ h (v m2)(0 I tl(x).(v s)(x s | s!<dx. e).0)) 

t%Az.z’(x).R) 

—> (v m2)(0 I (v s){sl{x).R I s!<x0.O)) 

^zl"h(vm2)(0|/?{^^-e/x)) 
and furthermore it is easy to see that 'iR with fpv(/?) = X: 

r-A'; h (v m,)(P 2 I R{^'^-Plx]) .12 b (y m2)(e2 I 2/4) 

as required by the definition of 
- Case: £ -{v m\')n\{mi) 

The last case shares a similar argumentation with the previous case. □ 

Lemma B.5. sscs. 

Proof. We prove that =» satisfies the defining properties of =. Let 

r\A\ I- Pi ai ZI2 I- P2 


Reduction Closed: 

P;zli I-Pi ^zl'j hP'j 

implies that BP^ such that 

F;zl2 h P 2 ^ zl^ I-P^ 
P;zli hP; ^4bP' 


The same argument holds for the symmetric case, thus a; is reduction closed.

Barb Preservation:


r;%;Ai I- Pi >0 Xn 


implies that 


P-(vm)(n!<yi).P3|P4) 

n i Ai 


From the definition of ss we get that 

r-Ai H (v m)(n!<yi).P 3 | P 4 ) ^ A[ h (v m')(P3 I P 4 ) 


implies 


r;A 2 b P 2 


(y m 2 )n\{V 2 ) . 


From the last result we get that 


P;0;/d2 b P2>0 Un 


as required. 

Congruence: 

The congruence property requires that we check that ss is preserved under any context. 
The most interesting context case is parallel composition. 

We construct a congruence relation. Let 

S ^ m%-,Ai-A 3 i-(v niXPi I P)>o,P;0;/l2 --ds b (v n 2 )(P 2 I P)) I 

P'^A 1 bPi ~Zl2bP2, VP^ 0^^3 b P > O 

) 


We need to show that the above congruence is a bisimulation. To show that is a 

c 

bisimulation we do a case analysis on the structure of the —> transition. 

- Case: 

r-Ai-As b (v ni)(Pi I P) ^ a;-As b (v n])(P; | P) 

The case is divided into three subcases: 

Subcase i: £ ( {(v m)n\{Ax. Q},(v mmi)n\{m{)] 

From the definition of typed transition we get: 

P;zli bPi -^A\ bP'j 


P;2li h P2 ^ 4 b Pj 
P;zl'i bP;-4'bP' 


which implies that 


(44) 

(45)
From transition in ( |44| we conclude that

r;^2-^3 H (v n 2 )(P 2 I ^ Zl^ -Zla h (V n2')(P'2 I R) 

Furthermore from ( |45] l and the definition of S we conclude that

r;zl'i -zla h (V I /?) -zlj h (v n 2 ')(i ^2 I 

Subcase ii: i - (v mi)n\{Ax. Qi) 

From the definition of typed transition we get 


r;zliHPi 


(v mi)n\{Ax.Qi) 

^1 ^ P i 


which implies that 


(y m'>)n\(Ax. Qo) 

r-,AihP 2 A'^hP'^ 

ve,we£pv(e) 

r-A’( h {vni"){P\ I Q{^'^-Qilx]) ^ zl" h {vn 2 ")(P '2 I Q{^^-Q^lx]) 
From transition ( |46l l conclude that 

(v m'y)n\(Ax. Qo) 

r-,A2-A3k(yn2)(P2\R) Z(^-zlj h (v nV)(F^ I/?) 

Furthermore from (|47li we conclude that VQ with {x) = £pv(2)


(46) 

(47) 


r-A'; -Zla h (y nn(P[ I e{«ei/x) | R)SA'^ -Zla h (y n2")(P^ I Q{^^- Q^lx] \ R) 


- Subcase hi: C - {v mm\)n\{m\) 

From the definition of typed transition we get that 


F;zl 


(y mmi)n\(mi) 

HP; ^ A,hP, 


which implies that 3 P'2,S2 such that 


(y mfn-})n\(mj) 

r;zlihP 2 ^ 4 bF' 

Ve,x=£n(0, 

r;zl" h (y ni)(P[ \ QMx}) ^ A'^ h (y n 2 ){P '2 I G{™2/£)) 


From transition (HSll conclude that 


(48) 

(49) 


, {v mm 2 )n\{m 2 ) 

r-A 2 -A 2 ^(vn 2 ')(P 2 \R) ^ A' 2 -A 2 ^(vn 2 '")(P 2 \R) 

Furthermore from ( |4^ we conclude that VG,x = £n(G)

r-A'( -A^ H (y nn(P\ \ G{'«i/x) | R) S A'^-As h (y nV'XP^ | G{™ 2 /Jr) | R)
- Case;

This case is divided into three subcases; 

Subcase ( i {(v m)n\{Ax. Q),{v mrn\)n\{m{)] 

From the LTS we get that; 

r;zl3 h4 h/?' 

Which in turn implies 

r;zl2 -Aik (v mXPi\R)^A2-A'^t-(v m'XPi I R') 
From the definition of S we conclude that 


r;/li -zl' h (v mi')(Fi I R')SA2-A'^ h (v m2’)(P2 I R') 

as required. 

Subcase ii; i -(v mi)n\{Ax. Q) 

From the LTS we get that; 


From (50 1 we get that 


r-,A2,\-R-^A'-^\-R' 

^RiAx] = fpv(/;i), 

r; 0 ;z(" i-(vm)(^' 1^1 2 / 4 ) >0 


(50) 

(51) 


r\A2-As h (v tn 2 ')(P 2 \R)^A2-A'^\-(v m 2 ){P 2 I R') 

Furthermore from ( |5T| l and the definition of S we conclude that 'iR\ with (x) 6 fpv(f?i) 
r;zli - 4' h(vmi)(Pi I {ym’XR'\Ri{^~^-Qlx]))SA 2 yjA’;^{vm 2 XP 2 I (y ih’XR' \Ri{^~^-Qlx])) 


as required. 

Subcase iii; € -{v mm)n\{m} 
From the typed LTS we get that; 


r;zl3 hf?' (52) 

Ve,x=£n(0, 

r;0;4'i-(vm')(^'ier/4)>o (53) 

From (52), we obtain that 

r-,A2 -Aik (v m2)(P2 \R)-^A2 -A'^\-(v m 2 ){P 2 I R') 

Furthermore, from (53) and the definition of $S$ we conclude that $\forall Q$, $x = \mathtt{fn}(Q)$ 
r-,Ai - zl" H (v mi)(Pi I (V m)(R' \ Qr'/mSA2 - zl" h (v m2)(P2 I (v m')(R' \ 0 ^/x))) 
as required. 

- Case: 

r-,A, -zla h (y m)(Pi I R) A\ -zl' h (V mi')(P[ \ R') 

This case is divided into three subcases: 

( 

Subcase i: r',A\ h P\ —> A'^ v- P'^ and € i {(v m)n\{Ax. Q),(v mmi)n\{mi}} implies 


r^A-^ R —> A'^'t- R' 

r-A2^P2^A'^^P'2 

r;zl'ihP;-4 hP' 


From (54) and (55) we get 


r-A 2 -As h (v m 2 )(P 2 IR)^A:-A' h (v nh'XP^ I R') 


From (56) and the definition of $S$ we get that 

r;A\ -zlj h (v mi')(F'i | R')SA 2 -As I-(v m 2 ')(P 2 | R') 


as required. 

(v mi Q ]) 

Subcase ii: r',Ai h Pi —> A'^ i- P' implies 


(54) 

(55) 

(56) 


nl(Ax.Q\} , . 

r;A3^-R -4^ /l^l-P'{4v.ei/4 

r-Ai -Zls h (v mi)(Pi I R) A[ -zlj h (v mi")(F'i | Gi/v)) 


r ;zl2 H Pi 


(v m2)n\(Ax. Qi) 


^l^P'l 


ve,w-fpv(0, 

r-A'; h (y mi')(F'i | Q{^'^-Qilx]) ^ zl" h (y I Q{^'^-Q^lx]) 

From (57) and the Substitution Lemma (Lemma 3.1) we obtain that 


O 2 ) ,, , 

P;zl 3 I- R zl" h R'{^^- Q^lx) 


to combine with (58) and get 


P;zl 2 -As h (y iniXPi I P) ^ ^ 2-^3 b (y mX'XP'i I ^20)) 


In result (59), set $Q$ as $R'$ to obtain: 

r;A'{ h (v mi'XP'i I R'{-^^-Qi/xj) S A 2 '(v m 2 'XP 2 I R'{'^^-Q 2 /xj) h 


(57) 

(58) 

(59) 


Subcase iii: P;zli I- P 


(v mmi)nl(mi) 


a;,p' 


r;A3hR —4 4 hP'^i/x) 

r;Ai UA 3 h (y OTi)(Pi I R) A\ UA'^ h (y mi")(Fi | P'l'^i/v)) 


(v fnmo)n!(m:>} 

r-Ai H P2 ^ zi^ 


bp; 


ve,{4 = fpv(0, 

P;zl" H (y mi')(P'i I Qr^lx]) « A’’ h (y m2')(4 I G{"4x)) 


(60) 

( 61 ) 


( 62 ) 
From (60) and the Substitution Lemma (Lemma 3.1) we get that 

r^A^'rR ^ A” ^R'{rn2lx} 

to combine with (61) and get 

r;zJ 2 -As h (y m 2 )(P 2 I R) ^ A'^-A'{ h (v m 2 ")(F^ I R'^^in) 
Set $Q$ as $R'$ in result (62) to obtain 

r-A'l h (y m'){P\ I R'rilx})SA';_ H (y m2')(F^ I R'^^x}) 


□ 

We prove the result =Css^ following the technique developed in ifTSll and refined 
for session types in 1127 1261 . 

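Definition B.1 (Definability). Let $\Gamma;\emptyset;\Delta_1 \vdash P \triangleright \diamond$. A visible action $\ell$ is definable whenever 
there exists a (testing) process $\Gamma;\emptyset;\Delta_2 \vdash T\langle \ell, succ\rangle \triangleright \diamond$ with $succ$ a fresh name such 
that: 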

- If r;Ai h P —> zJj I- P' and t e {n®t,n8c£,nl{m),nI{Ax. Q)] then: 

P I T{{,succ) —> P' I sMcc!(m).0 and -Aj H P' \ succl{m}.0 

(v m)n\{V) 

- If r;Ai I- P —> Aj h P', t fresh and in' C m then: 

P\T{(v m)n\{V),succ) —> (y m)(P' \ tl{x).{v s)(xs \ s!(y).0) | succ\{h,m').0) 
r',%\A'^ ■ Aj H (y m){P' \ f?(x).(y s)(xs \ s!(y).0) | succ\{h,m').0)>o 


- Let £ e {n®(,n&.(,nl{m),nl{{x)Q)]. If P \ T{£,succ} —> Q with r;%;A i- Q>o isucc 
then r;Ai i- P A' i- P' and Q = P' \ succl{h).0. 

(v m)n\{V) 

- If P \ T{{v m)n\{V),succ) —> Q with r\%\A Q><> isucc then r\A\ i- P 

Aj I- P' and Q = (v m)(P' \ tl{x).(v s)(xs \ i!{y). 0 ) | succl{h,m').0) with t fresh and 
in' C fh. 

We first show that every visible action $\ell$ is definable. 

Lemma B.6 (Definability). Every action $\ell$ is definable. 

Proof. We define $T\langle \ell, succ\rangle$: 

- 7’(n?(y),succ) = n!(y).succ!(n).0. 

- 7’(n&/,succ) = n</.succ!(n).0. 

- T{(v m')n[{m},succ} - n?(x).(f?(x).(y s)(xs | s!{x).0) | succ!(n',m").0) with m" c 
fh'. 
- 7’((vm)n!(/lx. 2),succ) = n?(y).(f?(x).(v s)(xs | s!(/lx.(yx)).0) | succ!(n,m').0) with 
in' C m. 

- T{n® I,succ) -n>{l : succ!(n).0),Z,-: (v a)(a?(y).succ!(n).0)),e/. 

Assuming a process 

r;0;z) i-P>o 

it is straightforward to verify that € is definable. □ 

Lemma B.7 (Extrusion). If 

r-,A\ h (v m\){P I succ!(n,mi").0) =^2 I- (v m2')(Q | succ!(n,m2”).0) 

then 

r;Aii-P^A2i-Q 

Proof. Let 


.S = {r;0;zli I-P>o,r;0;zl2i-e>o | 

r',A\ h (v rn\){P I succ!(n,mi").0) =A 2 I- (v m 2 ')(Q | succ!(n,m2").0) 

) 


We show that .S is a congruence. 

Reduction closed: 

P —> P' implies (v mi')(P \ succ!(n,mi").0) —> (v rnffP' \ succ!(n,mi").0) implies 
from the freshness of succ (v rni'){P \ succ!(n,mi").0) —>-> (v rnffQ' \ succ!(n,m2").0). 
which implies Q —>-> Q' as required. 

Barb Preserving: 

Let r-,%-,A\ I- P J,i. We analyse two cases. 

- Case: s + n. 
r;0;zli H P implies 


r\%\A\ h (v mi){P I succ!(n,mi").0) [s 

implies r; 0 ;zl 2 b (r mffQ \ succ!(n,m 2 "). 0 ) (J-j implies from the freshness of succ that 
r; 0 ;zl 2 b 2 JJ-i as required. 

- Case: s - n and r;0;z)i P in 

We compose with succ?(x,y).7’(f.succ') with subj(^) = x to get 

r\%-,A\ h (v m\'){P I succ!(n,mi").0) | succ?(x,y).r {(, succ') 

Which implies from the fact that r\%\A\ P in that 
(vmi')(P I succ!(n,mi").0) | succ?(x,y).r {{, succ') —>-> (vmi')(P^ I succ'!(n,mi").0) 
and furthermore 

(vrn 2 ')(Q I succ!(n,m2").0) | succ?(x,y).7 ’{{, succ') —>-> (vrn 2 ')(Q' \ succ'!(n,m2").0) 
The last reduction implies that $\Gamma;\emptyset;\Delta_2 \vdash Q \Downarrow_n$ as required. 

Congruence: The key case of congruence is parallel composition. We define relation C 
as 


C = {r;0;zli -A-i H P \R>o,r;%;A 2 -A^i-Q] R>o \ 

V/?, 

r-,A\ h (v m\'){P I succ!(n,mi").0) = /Ij b (v m 2 ')(Q I succ!(n,m2").0)) 

We show that C is a congruence. 

We distinguish two cases: 

- Case: n,m\",m 2 " i fn(/?) 

From the definition of C we can deduce that V/?: 

T;/!" h (v m\){P \ succ!(n,mi").0) | /? s h (v m 2 )(Q I succ!(n,m2").0) | R 

The conclusion is then trivial. 

- Case: S - n {n,m 2 ") e fn(/?) 

From the definition of C we can deduce that such that R - R^’'{^/yi ) and succ' fresh 
and {y) = {/i)U{/ 2 ); 

r;0; A” h (v m\){P \ succ!(n,mi").0) | succ?(y).(f?^i | succ'!{y2)-0) 

= A^ \- (v rn 2 ){Q \ succ!(n,m 2 "). 0 ) | succ?(y).(/?^' | succ'!{y 2 )- 0 ) 

Applying reduction closeness to the above pair we get: 

r-,A'; h (v mi'){P I R I succ'!<i2).0) Szl" h (v m 2 ){Q \ R \ succ'!<S2).0) 

The conclusion then follows. □ 

Lemma B.8. =Css^. 


Proof. Let 


r',A\ h Pi = zl2 b P2 


We distinguish two cases: 

- Case: 

P;zli I- Pi -^A\ i-P'j 

The result follows the reduction closeness property of = since 


F;zl2 b P 2 ^ 4 h P^ 


and 


- Case: 


P;4HP'i-4hP' 
P;/4i hPi -^4 hP'j 


( 63 ) 
We choose test $T\langle \ell, succ\rangle$ to get 

r;2li-zl3 hPi |7’<^,succ)szl2-^3i-f’2|7’<Asucc> (64) 


From this point we distinguish three subcases: 
Subcase i: ^ e {n7{m},n7{Ax. Q),n®l,n&.l] 

By reducing (63), we obtain 


implies from (64) 


Pi I T{(,mcc) — > P\ I succ!{n).0 
r;V);A\ -A'j h Pj | succ!<n>.0 isucc 


P;0;zl2 -As h P 2 | r(f’,succ) Jlsucc 


implies from Lemma B.6 


P;/l2bP2^/f2HP^ 

P 2 I T(i,succ} —>-» P 2 I succ!(n).0 


and 


P;zlj -A'^ h Pj I succ!(n). = A '2 ■ A'^ h P 2 I succ!(n).0 


We then apply Lemma B.7 to get 


P;zi; hp;-4 hP' 


as required. 

Subcase ii: i - (v mi)n!(Ax. Qi) 

Note that r((vmi)n!((x)2i),succ) = T{(v m2)n\{Ax. Q2),succ) 
Transition in (63) becomes 


r-M^P\ 


(y mi)n\(Ax.QY) 

2l,HPi 


If we use the test process T ((v mi)n!((x)Qi),succ) we reduce to: 


(65) 


Pi I T{{y m\)n\{Ax.Q\),mcc) —> (vmi)(Pj | f?(x).(v s){xs \ s!(/lx. gi)-0)) | succ!(n,mi').0 
P;0;zlj -A'^hiv mi){P\ \ f?(x).(v s)(xs | s!(/lL 2i).0)) | succ!<n,mi').0 isucc 


implies from (64) 


P;0;/l2-zl3 1 -P 2 I r((vm2)n!(/lx.22),succ) Us 


implies from Lemma B.6 


{y m2)n\{Ax.Q2) 

r-A 2 h P2 ^ Ayp'2 

P2 I P(f’,succ) —>-» (v m2){P'2 I f?(x).(v s)(xs | s\{Ax.Q2).0)) \ succ!(n,m2').0 


(66) 
and 


r;0; zlj -Jj h (vmi)(Pj | f?(x).(v s)(xs | s!{/lx.gi)-0)) I succ!(n,mi').0 
= I- (v m 2 )(P 2 I f?(x).(v s)(xs I s!(/lx. 22)-0)) | succ!(n,m2').0 


We then apply Lemma B.7 to get 


r;@; A'^ h (vmi)(f’j | f?(x).(v i)(xi | i!(/lx.2i).0)) 
S /l2 F (vOT2)(^’2 I t‘^(x).(v s)(xs \ 's\{Ax. Q 2 ). 0 )) 


as required. 

-Case: {-{v s)n\{m) 

Follows similar arguments as the previous case. □ 


Theorem B.1 (Coincidence). 

7. ^ = 

2 . = 


Proof. Lemma 




B.l 


c ss. Lemma 


B.5 


proves = 
proves 


M _ 

X! C S. 


. Lemma 


B.8 


proves = c . Lemma 


B.4 


proves 


From the above results, we conclude = c 


„//_ c 




B.2 τ-inertness 

We prove Part 1 of Proposition 

Td 

Proposition B.1 (τ-inertness). Let balanced HOπ process $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. r-,A h P i—> 
zl' H P' implies r\A )-P A'h P'. 

Proof. The proof is done by induction on the structure of —» which coincides with the 
reduction —». 

Basic step: 

- Case: P - (Ax.P)n: 

r-,A h {Ax.P)n h^A'\- P{«/x) 

fs 

Bisimulation requirements hold since, there is no other transition to observe than i—>. 

- Case: P = s\{V).Pi \ sl(x).P 2 : 

r-A h s!<y).Pi I s?(x).P 2 ^ zl' h Pi IP 2 

The proof follows from the fact that we can only observe a $\tau$ action on typed process 
$\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. Actions i!{y) and i?{y) are forbidden by the LTS for typed environments. 
It is easy to conclude then that r\A P A' i- P'. 

- Case: P = s</.Pi | s>{li: P,),e/ 

Similar arguments as the previous case. 

Induction hypothesis: 

If Pi —»P 2 then Pi;zli h Pi A 2 'rP 2 . 
Induction Step: 

- Case: P -{v s)P\ 

r-,A h (v s)Pi hA a' h (v s)P2 

From the induction hypothesis and the fact that bisimulation is a congruence we get that 
r-,Ah P^^ A’ P'. 

- Case: P - P\ | P 3 

r;zlhPi 

From the induction hypothesis and the fact that bisimulation is a congruence we get that 

r\A)-P^^ A'hP'. 

- Case: P = P\ 

From the induction hypothesis and the fact that bisimulation is a congruence and 
structural congruence preserves we get that r\A )- P A' h P'. 

□ 


C Expressiveness Results 

C.1 Properties for : HOπ → HO 

We repeat the statement of Proposition | 6 ^ as in Page[29| 

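Proposition C.1 (Type Preservation, HOπ into HO). Let $P$ be a HOπ process. If 
$\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$ then $\langle\!\langle\Gamma\rangle\!\rangle^1;\emptyset;\langle\!\langle\Delta\rangle\!\rangle^1 \vdash$ 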

Proof. By induction on the inference of $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. 

1. Case $P = k!\langle n\rangle.P'$. There are two sub-cases. In the first sub-case $n = k'$ (output of a 
linear channel). Then we have the following typing in the source language: 

r-,%-,A-k-.S bP'>o r;0;{C :5i)i-C>5i 
r-,%-,A-k' : S vk:\{S ifS ^ k\{k').P' >0 

Thus, by IH we have 

«r»';0;«/l»i-^:«5»AlP']'>o 

Let us write $U_1$ to stand for $?(\langle\!\langle S_1\rangle\!\rangle^1 \multimap \diamond);\mathtt{end} \multimap \diamond$. The corresponding typing in the 
target language is as follows: 

Cr»i;{x:C5i>‘^o};0Hx>C^i»^^o «r»i;0;{C : «51)'} H C>C5 1 ))^ 

_ iri)^-Ax-.iSxy^o)-k’■.iSxy^xk’>o _ 

_ iry-{x:iSiy^o]-k':iSiy-z:enA<rxk'>o _ 

_ CO)^;0;^':«5i))i-z:?(«5i))i^o);endbz?(x).(x^')>o _ 

Cr»>; 0 ;^':«5i»i i-Tz.z?(x).(x^ 0 >t/i ^ ’ 

jPy- 0; «zl»‘ y H [PI ‘ > o «r»‘; 0; C : «5 1 >‘ h Az. z?(x).(xC) > Ui (|6^ 

«r»i; 0 ;C 2 l>': «5iy:!<t/i);«5»i h ^!<Tz.z?(x).(x^')>.[P'l Ao 
In the second sub-case, we have $n = a$ (output of a shared name). Then we have the 
following typing in the source language: 

r-a:{Si};(/i;A-k:S P'>o T-a : <51);0;0 h a>5 1 
r-a:{Si}-(D;A-k:[{{Si}y,S bk[{a}.P'>o 

The typing in the target language is derived similarly as in the first sub-case. 

2. Case $P = k?(x).Q$. We have two sub-cases, depending on the type of $x$. In the first 
case, $x$ stands for a linear channel. Then we have the following typing in the source 
language: 

r',%',A-k \ S ■ x \ S \ ^ Q><> 
r;0;zl-;t;?(5i);5 ^kl{x).Q>o 

Thus, by IH we have 

iPf- 0 ; «zl»' ■ ^ ; « 5 »' ■ X; i»i h [ 21 ' > o 

Let us write $U_1$ to stand for $?(\langle\!\langle S_1\rangle\!\rangle^1 \multimap \diamond);\mathtt{end} \multimap \diamond$. The corresponding typing in the 
target language is as follows; 

irf-[X-.Uy}-,%^X>Uy Cry;0;-i;?(CSiy^o);end h 5>?(«5i»'^o);end 

-^-;- (oo) 

CO'TX; Cih-i ;?(CSi>i^o);end l-xi >0 

Cry;0;0hO>o «r))l;0;«d»L^:C5yx;«5i»‘ h[6]‘>o 
Cn) 1; 0; i : end h 0 > o ((D) 1; 0; (d)) 1 • fc ; (5 ))1 h dx. [g] 1 > (5 1 ))' 

COi; 0 ;Cd»l •* : « 5 » 1 ;KC 5 i>'-=o);end h S!(dx. [e]i). 0 >o 


Crr;{2f ; ;?(C5i»'^o);end l-x.s><> _ 

«ry;0;«/l»L*:«S»Li:!<C5i»'^o>;endh5!(dx.[e]'>.O>o (I^ 


(TO) 


COi;{X; (7i);«d»i -/t; • j ;?(«5i»i^o);end-i ;!<«S i»'^o>;end h x j | j!(/lx. [e]i).0>o 


Cry;{X; 17i|;«d»L^:(5y ■j;?(«5i»i^o);end-;5;!<«5i»‘^o);endhx^|^!(dx.[g]‘).0>o 
_ jPy-AX ; l/i|;«d»l - ^ : «5))1 Kv s){xs \ ^!(dx. [6]i).0)>o_ 

Cr»i;0;«zi:)l -fc ;?(t/i);C5»l h fe?(x).(y 2(xi I i!(dx. [e]i).0)>o 

In the second sub-case, $x$ stands for a shared name. Then we have the following 
typing in the source language: 

r-x:{Siy,%-,A-k:S i-2>o 
r-MA-kP-dsi)y,s hki{x).Q>o 

The typing in the target language is derived similarly as in the first sub-case. 

3. Case $P_0 = X$. Then we have the following typing in the source language: 


r-X-.A\%\%^X>o 
Then the typing of [X]! is as follows, assuming f(X) = h and x = (1|«|D. Also, we 
write Afi and Ax to stand for n i : 5 1 ,..., n„,; 5 ^ and xi : S i,.. .,Xm ■ S respectively. 
Below, we assume that F - F' ■ X : T-^o, where 

f^{S,S*) 5*=?(A);end A =yut.(5,?(t);end) 


F; 0; {«,■; 5,) h «,■ > S 
F;%;%\-zx>f^o F;®; {s : S*] i- s>S* 
F; %;An,s :?(f^o);end h zx(«,i)>o 


(71) 


F; 0; {xi : 5,) I- xt>Si 
F; 0; {z:5*)l-z>5* 

F',%\% y- 

r;0;0i-O>« F-,(l);Ax,z'.S*\-zx(x,z)>o 

F',(l>',s: end h 0>o T; 0; 0 i- A(x,z). Zx(x,z)>T^o 
F; 0; i :!(f^o);end h i!{/l(x,z). zx(-S,z))-0>o 

T; 0; An,s :?(f—>o);end )- zx(n,s)>o (^i 

F; 0; s :!<f^o);end h i!(/l(x,z). zx(-^,z))-0>o (72i 

F; &;Afj,s :?(f ^o);end, s :!(f—yo);end k zx(n,s) | i!(/l(x,z). x(x,z)).0>o 
F; 0; Afj h (v s)(zx(n,s) I s!(/l(x,z). zx(-^,z))-0)>o 
4. Case $P_0 = \mu X.P$. Then we have the following typing in the source language: 


F-X:A;@;AhF>o 
F- %-,A\-iiX.P>o 


Then we have the following typing in the target language —we write R to stand for 

I-Pll^x^n) (llofn(P)ll). 


cr»^-zx:f^o; 0 ; W)‘hP>o 
: f^o-, 0 ; : end h P>o 

Cr»i; 0 ; :?(f^o);endH s?(zx).P>o 


«r»‘-zx:f^o;0;«Aj^»‘b[/^j0>o 
«r»i -ZX : f^o; 0; «Ar»‘,y : end h m^>o 
«r»'; 0; 0 I- 0> o ; 0; iAxhKy :?(A);end i- y?(zx)-[^j 0 >« 

Cr»i;0;^:endHO>o 0; 0 b A(x,y).y?(zx)4-^j0>r^^ 

«r>i; 0; ^ :!<f^o);end h i!(d(x,y). y?(zx).[-R4>-0>o 

«r>'; 0; :?(f^o);end h sl{zx).R>o ^ 

iFf- 0; s :!<f ^o); end h i!(T(x,y). y?(zx).[/?j 0 >.O>o ^ 

Cr»i; 0; iAnhKs :?(f^o);end,^ :!(f^o);endb ^?(zx).-R I ^!(/l(x,y). y?(zx).TO.0>o 
«Oi; 0; (An)y h (v ^)(^?(zx)./? I i!<d(x,y).y?(zx).L-Rj 0 >-O)>o 
□ 


We repeat the statement of Proposition |6^ as in Page[^ 

Proposition C.2 (Operational Correspondence, HOπ into HO). Let $P$ be a HOπ process. 
If $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$ then: 

^1 

1. Suppose r-,A h P I—» A' h P'. Then we have: 

a) If £i e {(v m)n\{m}, (v m)n\{Ax.Q), s®l, s&l} then 3£2 s.t. 

({Py-AAf h [P]} ^ iA'y H [P'l} and £2 = {hf ■ 

b) If £\ - nl{Ay. Q) and P' = Po{'^^- 2/x) then 3^2 s.t. 

«P>';C3»i h [P]} ^ iA'y H [Po]}{dj.[e];/x) and £2 = {{Al‘. 

c) If £i - nl{m) and P' = Po{™/x) then 3(’2, R s.t. 

«0‘;C4i»' H [P]} ^ iA'y h p, with £2 = {{A))‘, 

and CO)';«4l'»' F R ^ C4l'»' H IPol}™. 

d) If = T and P' = (v m)(Pi | P 2 {'”/^)) then 3P s.t. 
iry-A^y F [PI} A iAy f (v miPiff i -r), and 

«P>';C4l»' F (y mXIPil} | R) AAA f (v m)([Pi]} | IP2l}r/x)). 

e) If = T and P' = (v m){P\ \ P 2 {^I'- 2/x)) then 

«0‘;C4l»' F [P]} A iA^y F (y m)([Pil} I IP 2 l}{^L[ei;/x)). 

f) If = T and P' ^ (y fh){Pi \ P2{™/4) A P' ^ (y fh){P\ \ P 2 {'^>'- 2/x)) then 
«P>';C^»1f[P]} Ac3;»'f[P']}. 

2. Suppose «P»'; C/I))' f [P]} A C3'»' f Q. Then we have: 

a) If £2 e {(y ih)n\{Az. z?(x).(xm)), (y m)n\{Ax.R), s®l, s&l} then 3£\,P' s.t. 

F P A 3' F P', A = SAI', and Q = [P']}. 

b) If £2 = nl{Ay.R) then either: 

(i) 3£ux,P',P" s.t. 

r-A^P^A'v P'yy-P''lx), £x = f [P"l} = R, and Q = [P']}. 

(ii) R = yl{x).(xm) and 3^i,z,P' s.t. 

r-,A )-P A' I- P'{'"/z), £i = f Al^ and 
«P»i;«3'»' F Q A A A iA"y F [P'{'”/z)l} 

c) If A = "r then A' - A and either 

(i) 3P' s.t. r-AhP^^A^ P', and Q = [P']}. 

(ii) 3Pi,P2,x,m,2's.t. P;3 F P I—>3F(ym)(Pi | P 2 {™/x)), and 

«p»i;«3»i F Q A A A iAy F [Pi]} I [P2rA)i} 

Proof. By transition induction. We consider parts (1) and (2) separately: 

Part (1) - Completeness. We consider two representative cases, the rest is similar or 
simpler: 
1. Subcase (a): $P = s!\langle n\rangle.P'$ and $\ell_1 = s!\langle n\rangle$ (the case $\ell_1 = (\nu n)\, s!\langle n\rangle$ is similar). By 
assumption, $P$ is well-typed. We may have: 

r;0;/lo ■ s : 5 1 I-P'>0 r;0;{n:5) i-«>5 

r-,%-,AQ-n:S ■s:\{Sy,Si h s\{n).P'>o 
for some $S$, $S_1$, $\Delta_0$. We may then have the following transition: 

r;zlo-n:5 ■s:!(5);5i h s\{n).P' r-,Ao-s:S i h P' 


The encoding of the source judgment for P is as follows: 

«r»';0;«2lo-n:5 ■s:!<5);5i»' h [s!(«>.P'l'>o 


which, using Definition 6.3 can be expressed as 

«r»P;0;«2lo»-n:C5»'-^:!<?(«5»'-.o);end^o);«5i»ih^!(Tz.z?(x).(vn)).IP'l'>o 
Now, ffi))* = i!{/lz. zl(x).xn). We may infer the following transition for 
CP»^0;«zl»' h s\{Az. z?(x).(vn)).[P'l' >0 


(16 


CP»^0;«zloy-^:C5i»'h[P'l'>o 


= CO)^0;«^o-s:5i»'[-IP']‘>o 


from which the thesis follows easily. 

2. Subcase (c): $P = n?(x).P'$ and $\ell_1 = n?\langle m\rangle$. By assumption $P$ is well-typed. We may 
have: 

r\%',AQ - x \ S - n ■. S \ 'r P' >0 r',(l)-,{x: S]h x>S 

P;0;zlo ■ n :liS);S i h nl{x).P'>o 
for some $S$, $S_1$, $\Delta_0$. We may infer the following typed transition: 

^ , nl{m) ^ , 

r\%\AQ ■ n :7(Sy,S i h n7(x).P >o i—> r\%',AQ-n\S\-m\S i- P {'^/x) >o 
The encoding of the source judgment for P is as follows: 
CP»^0;«2lo-n:?(5);5i»ih[P]'>o 

= iPf- 0; «/lo>‘ ■ n ■.7{7(iSf^oy, end^o); 1»' h n?(v).(v s){(xs) \ s!(Ax. [P'l ').0) > o 

Now, {T”! l' = n7{Az. z7(x).(xm) ) and it is immediate to infer the following transition 
for[P]': 

iPf; 0; «zlo»' ■ n :7(7(iS end^o); i»i h n?(x).(y ^)((x^) | ^!(Tx [P'l' ).0) > 

CP»^0;«6lo»' ■« : «5i>' -m : C5»‘ h (v s)((vs) | s!(dv.[P'l’>.0){^z->o 

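Let us write $R$ to stand for process $(\nu s)((x\,s) \mid \overline{s}!\langle\lambda x.\,[\![P']\!]^1\rangle.\mathbf{0})\{\lambda z.\,z?(x).(x\,m)/x\}$. We 
then have: 

$$R \longmapsto (\nu s)(s?(x).(x\,m) \mid \overline{s}!\langle\lambda x.\,[\![P']\!]^1\rangle.\mathbf{0}) \longmapsto (\lambda x.\,[\![P']\!]^1)\,m \longmapsto [\![P']\!]^1\{m/x\}$$ 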

and so the thesis follows. 
Part (2) - Soundness. We consider two representative cases, the rest is similar or 
simpler: 

1. Subcase (a): $P = n!\langle m\rangle.P'$ and $\ell_2 = n!\langle\lambda z.\,z?(x).(x\,m)\rangle$ (the case $\ell_2 = (\nu m)\, n!\langle\lambda z.\,z?(x).(x\,m)\rangle$ 
is similar). Then we have: 

«r»'; 0; C/lo))' -n :!(?(C5»i^o);end^«>;«5i»' h n\{Az.zl{x).{xm))lP'f>o 
for some $S$, $S_1$, and $\Delta_0$. We may infer the following typed transition for $[\![P]\!]^1$: 

irV- «z(o»‘ ■« :!<?(«5»'-^o);end^o);«5i>‘ hn!(Tz.z?(x).(^m)).[P'li 

Now, in the source term P we can infer the following transition 

r-, Aq-h :\{Sy,S I h n\{m).P' r-, Aq - n : S I ^ P' 

and thus the thesis follows easily by noticing that fn!(m)|^ = n\{Az. zl(x).(xm)). 

2. Subcase (c): $P = n?(x).P'$ and $\ell_2 = n?\langle\lambda y.\,y?(x).(x\,m)\rangle$. Then we have 

«r»*;0;C2lo»'-n:?(?(«5»'-^«);end^o);«5i»'hn?(;r).(vi)((xi)|i!(dx.[P'li>.O)>o 
for some $S$, $S_1$, $\Delta_0$. We may infer the following typed transitions for 

iPf- «zlo>‘ ■« ;?(?(C5>‘-o);end^o);C5i»' h n?(x).(v 5)((x5) | 5!(dx. IP']').0) 

^ irf-, lA^f-n: : «5i»' h (v ^)((x^) | ^!(Tx. [P'l').0)Hz-z?W-^™/x) 

= irf\ (Aof-n: «5i»‘ -m : «5»' h (v s)(s?(x).(xm) | s!(Tx.[P'li).0) 

^ CO)'; (Oo>‘ ■« : «5i»‘ -m : «5»0 (dx. IP'li)m 
^ CO)'; (Oo>' ■« : «5i »'-m : «5»' H [P'l'rO) 

Now, in the source term P we can infer the following transition 

, n?(m) , 

r;Ao-n:?(S);Sii-n?(x).P' ^ P; Aq ■ n : S i ■ m : S 1 -P'{>^/x} 
and the thesis follows. 

□ 
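
The name-passing case of the proof above, carried through on one concrete synchronisation (a worked instance added here, not part of the original paper). It composes the encoded output of Subcase (a) with the encoded input of Subcase (c) on dual endpoints $n$ and $\overline{n}$ and lists the four $\tau$-steps that mimic the single source step $n!\langle m\rangle.P_1 \mid \overline{n}?(x).P_2 \longmapsto P_1 \mid P_2\{m/x\}$. Assumptions: the bound variable $y$ in the encoded input is a renaming chosen here to keep it apart from $x$, and the recursion index of the encoding is omitted.

\[
\begin{array}{rll}
 & [\![\, n!\langle m\rangle.P_1 \mid \overline{n}?(x).P_2 \,]\!]^1 & \\[2pt]
 = & n!\langle \lambda z.\, z?(x).(x\,m)\rangle.[\![P_1]\!]^1 \;\mid\; \overline{n}?(y).(\nu s)\big(y\,s \mid \overline{s}!\langle \lambda x.\,[\![P_2]\!]^1\rangle.\mathbf{0}\big) & \text{(encoding of output and input)} \\[2pt]
 \longmapsto & [\![P_1]\!]^1 \;\mid\; (\nu s)\big((\lambda z.\, z?(x).(x\,m))\,s \mid \overline{s}!\langle \lambda x.\,[\![P_2]\!]^1\rangle.\mathbf{0}\big) & \text{(communication on } n\text{)} \\[2pt]
 \longmapsto & [\![P_1]\!]^1 \;\mid\; (\nu s)\big(s?(x).(x\,m) \mid \overline{s}!\langle \lambda x.\,[\![P_2]\!]^1\rangle.\mathbf{0}\big) & \text{(application, } z := s\text{)} \\[2pt]
 \longmapsto & [\![P_1]\!]^1 \;\mid\; (\lambda x.\,[\![P_2]\!]^1)\,m & \text{(communication on the fresh session } s\text{)} \\[2pt]
 \longmapsto & [\![P_1]\!]^1 \;\mid\; [\![P_2]\!]^1\{m/x\} & \text{(application, } x := m\text{)}
\end{array}
\]

The process reached after the first step is $[\![P_1]\!]^1 \mid R$ with $R$ as in Subcase (c) of Part (1); the remaining three steps are the ones shown there for $R$. Only abstractions are ever sent: the name $m$ travels inside the value $\lambda z.\, z?(x).(x\,m)$ and is handed over by the final application.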

We repeat the statement of Proposition |6.5| as in Page[3T] 

Proposition C.3 (Full Abstraction, HOπ into HO). P;zli 1 - Pi ZI 2 f Qi if and only 
if CO)';(Oi»i h [Pil} (02»i h [021}. 

Proof. Proof of Soundness Direction. 

Let 


^ = {POi h Pi ^^A2 h Qi I «0)';C^1»' F IPil} C^2»' F leil}) 
The proof considers a case analysis on the transition $\longmapsto$ and uses the soundness 
direction of operational correspondence (cf. Proposition 6.4). We give an interesting case. 
The others are similar or easier. 

- Case: € -{v m\)n\{mi). 

Proposition 6.4 implies that 




(v m\')n\{m\) 


A\^P2 


implies 


1 1 1 {v m\')n\{Az.z^{x).{xm\)) , i i 

«0)';«^i>‘ H iPii} h IP 2 I) 


that in combination with the definition of !R we get 


1 1 1 (v m2')n\{Az.z2(x).ixm2)) , , , 


(75) 


and 

«r»';0; «/);»' h (y miO(IP 2 l} I t7(x).(y s)(xs | l\{Az.z'?(x).(xm,)}.0)) 
«d^»' h (V m 2 ')(lQ 2 ff I f?(x).(y | ^!<Tz.z?(^).(^m2)).0)) 

We rewrite the last result as 

«r»';0; iA[f h [(y miO(P 2 I f?(^).(v 5)(^5 | ^Km^.O))]! 




h l(y m 2 ')(Q 2 I f?(^).(v I ^!<m2).0))l 


to conclude that 


r;0; A'^ h (y mi')(7’2 I f?( 2 i:).(y s)( 2 :s | s!(mi).0)) 

!R /<2 b (y m 2 )(Q 2 I t7(x).(v s)(xs \ s!(m 2 ). 0 )) 

as required 

Proof of Completeness Direction. 

Let 

^R = {CO)';«^i»‘b[Pii},«2i2»‘b[0,i} I r;ziihPi ^"212 hgi) 

We show that by a case analysis on the action { 

- Case: $\ell \notin \{(\nu \tilde m)\, n!\langle\lambda x.P\rangle,\ n?\langle\lambda x.P\rangle\}$. 

The proof of Proposition 6.4 implies that 

irf-AAxf H iPii} ^ iA\y h IP2I} 

implies 

r;AihPi ^A\\-P2 

From the latter transition and the definition of % we imply 


T;2l2 b Qi t=> A '2 b Q 2 

r-,A\hP2«^ A'2hQ2 


(76) 

(77) 
From (76) and Proposition 6.4 we get 


F iQiil ^ C^2»‘ F IQiff 


Furthermore, from (77) and the definition of we get 

«r»';«zf'i»' h IP2I} ^ « 2 l 2 »‘ F [ 021 } 


as required. 

- Case: $\ell = (\nu \tilde m)\, n!\langle\lambda x.P\rangle$ 

There are two subcases: 

-Subcase: 

The proof of Proposition 6.4 implies that 

«ry;«2(i»' H IPil} ^ iA\f h IP 2 I} 


implies 

r;zli hPi 1-P2 

where the proof is similar with the previous case. 

- Subcase: 

The proof of Proposition 6.4 implies that 


«ry;«/ii>‘F 


, {v m\')n\{Az.z^{x).{xm\)) , , , 

iPiir ‘ ^ c^'i»'fip21 


implies 


r-AihP 


(v mi)n\{m\) 


A\^P2 


From the latter transition and the definition of we imply 


r ;/l 2 F Qi 


(v m2 


4^22 


(78) 


and 


r',%\A'^ h (v m\'){P 2 I f?( 2 i:).(v s)( 2 cs | s!(mi).0)) 

A 2 (v liii'XQi I t7(x).(v s)(xs I i!<TO2)-0)) 


From (78) and Proposition 6.4 we get 

1 1 1 (v m2')n\(Az.zKx).(xm2)) , , , 

co';«^2»4[ei]} ^ c4» Fiai} 

Furthermore, from fTO] ) and the definition of % we get 

«r»';0; iA[f h [(vmiO(P2 I f?(^).(v 5)(^5 | 5!<mi).0))n 


/ 


% iA’y h [(vm2')(e2 I f?(^).(v I ^!<m2).0))] 


(79) 


as required. 
- Case: $\ell = n?\langle\lambda x.P\rangle$ 

We have two subcases. 

- Subcase: Similar with the first subcase of the previous case. 

- Subcase: The proof of Proposition 6.4 implies that 


1 1 1 ,, 1 


\-R 


implies 


r;zli hPi ^ zl'j hP2 


and 


From the transition (80) and the definition of we imply 


rf!{m2) 

r\A2 H Q\ t=> A 2 h Q 2 


r-,A[\-P2^^ A’2hQ2 

From (82) and Proposition 6.4 we get 


1 I I n'!{Az.z'!(x).(xs)) , . 


Furthermore, from (83) and the definition of $\Re$ we get 

«r»';«2('i»' h IP 2 I} ^ «^2»‘ ^ I&l} 
If we consider result (81) we get: 

({A'f H lQ 2 l\ 


where following Lemma 4.3 we show that R is a bisimulation an up to 1 


(80) 

( 81 ) 

(82) 

(83) 


□ 


C.2 Properties for ([■p,«'))^,f'|^): HOπ → π 

We repeat the statement of Proposition as in Page[^ 

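Proposition C.4 (Type Preservation, HOπ into π). Let $P$ be a HOπ process. 
If $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$ then $\langle\!\langle\Gamma\rangle\!\rangle^2;\emptyset;\langle\!\langle\Delta\rangle\!\rangle^2 \vdash [\![P]\!]^2 \triangleright \diamond$. 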


Proof. By induction on the inference $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. 

1. Case $P = k!\langle\lambda x.Q\rangle.P$. Then we have two possibilities, depending on the typing for 
$\lambda x.Q$. The first case concerns a linear typing, and we have the following typing in 
the source language: 


r\%\Ai-k\S i-P>o 


P;0;zl2 -x: I- Q>o 
r;%;A 2 H Ax.Q>S 1^0 


r-a-Ai ■A 2 ■ k:\{Si^oy,S h k\{Ax. Q).P >0 








February 11, 2015 


This way, by IH we have 

irf-W2f,x:iS^f^lQf>o 

Let us write U\ to stand for (?(({5end). The corresponding typing in the target 
language is as follows: 

«A»" = «0"un:<?(«5i»2);end> 

ifif ^ir,fyjx-.iA2f 

Also (*) stands for ({Ti))^;0;0 1 - «> f/i; (**) stands for ^T'2))^;0;0 H a>Ui; and (* * *) 
stands for CT' 2 ))^; 0 ; 01 - X>o. 


Cr2))";0;«^2))^x:C^i>2H[Q]2>o 

«r 2 »"; 0 ;« 2 l 2 »^y: end,x: «5i»2 h [Q]2>o _ 

_ Cr2»^;0;C^2))^y:?(C^i>^);endFy?w.[e]2>o (**) 

(***) _ Cr 2 »^; 0 ;« 2 l 2 »^ F al(y).yl{x).m^>o 

_cr2»";0;«2l2>^ F al{y).yl{x).lQ-f \ x>o _ 

«ri»2;0;«zl2>2 HA<X(fl?(y).y?W.[ei2 | X)>« 


ir,f-%-iAxf,k-.iSfvlPf>o 
i^,f■%■XA2f^^iXia^{y).y^{x).lQf\X)><> (Hg 

«ri»2;0;C2li,zl2»2,^ : «5»2 h IP12 I juX.(fl?(y).y?W.[e]2 I 

Cri»2;0;0hfl>t/i 

CA» 2 ; 0 ;« 2 li, 2 l 2 »l^ : isf h [PF | ^X.(fl?(y).y?(x).[0l2 | X)>o Q 
cri»2;0; (Ai ,zl2>2 ,k :!(t/i); (A»2 h ^!<a).([P]2 | A/X.(a?(y).y?(x).[6l2 | ;^)) > <> 

Cr»2; 0; (Ai ,zl2»2,^ : !<t/i); «5»2 h (v n)(^!<n>.([Pl2 | ^iX.{a^{y).y^{x).lQ^^ \ X))) > o 
In the second case, $\lambda x.Q$ has a shared type. We have the following typing in the 
source language: 


P;0;-x : 51 i- Q><> 


r\%\A-k-.S i-P>o 
r-,%-,A-k\\{Si^. 


P; 0; 0 1 - dx. Q>Si -oo 
P; 0; 01- dx. Q>S 1^0 
o}',S )- k\{Ax.Q).P>o 


The corresponding typing in the target language can be derived similarly as in the 
first case. 

2. Case $P = k?(x).P$. Then there are two cases, depending on the type of $x$. In the first 
case, we have the following typing in the source language: 

r x: S i^o; %;A-k:S i-P>o 
P;0;zl-/t:?(5i^o);5 hA(x).P>o 


The corresponding typing in the target language is as follows: 


CP»2 ■ X : <?(C51»2);end); %-A-k :iS »2 h «P»2>o 
CP))2; 0; «zl))2 • k :?«?(«51))2); end)); «5 ))2 h kl{x).lPl^ > o 
In the second case, we have the following typing in the source language: 

T; [x ■. S\-ooy, A ■ k : S 'rP>o 
r;0;zl-;t:?(5i^o);5 ¥k‘l{x).P>o 

The corresponding typing in the target language is as follows: 

jPf ■ X : <?(C5 1 »^);end); ^-A-k-.jS f h jPf >o 
Cr»2; 0; «zl»2. k :?«?(«5 1 » 2 ); end)); {{S »2 h ^?(x).[Pl2 > o 


3. Case $P = x\,k$. Also here we have two cases, depending on whether $x$ has linear or 
shared type. In the first case, $x$ is linear and we have the following typing in the 
source language: 

r;{x: S i^o); (l>\- X>S i^o r;0;{^ : 5i) i- A:>5i 
T; {x : 5 i-oo); k : S i b xk>o 


Let us write iPi}^ to stand for ({T))2 -x : (!{((5 i))2);end). The corresponding typing 
in the target language is as follows: 


«ri»2;0;0hO>o 

Cri))2; 0; s : end i- 0>« 


«A»2;0; {^:«5i»2)h^>C5i»2 


CA»2;0; /t: «5i»2,i:!<C5i»2>;endhi!<;t>.0>o 


( 86 ) 


Cri»2; 0; k : iS i}\ i :!<«5 1 » 2 ); end h -s\{k).0>o ® 

«ri>2;0;0Hx><!(«5i»2);end) 

Cri»2; 0; 1 »2,i :?(«5 1 » 2 ); end,;?:!<C5 1 »2); end i- x!<i).;s!</t>-0>o 

«ri»2; 0; k : «5i»2 h (v s)(x!<s).s!(A-0)>« 

In the second case, x is shared, and we have the following typing in the source 
language: 

P-x: S i-oo; 0; 0 1 - x>5 i^o r',(D;k: Si i- k>S i 
P- x: S i^o; k: SI xk>o 

The associated typing in the target language is obtained similarly as in the first case. 

□ 


We repeat the statement of Proposition |6^ as in Page[T5| 

Proposition C.5 (Operational Correspondence, HOπ into π). Let $P$ be an HOπ process 
such that $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. 

(i 

P Suppose P',A h P I—> A' I- P'. Then we have: 

a) If €i — (v m)n\{Ax. Q), then 3P',A",R where either: 

- in?-, H [P]2 ^ r ■«r»2; «zl'»2 H IP'f I fl?(y).y?(x).iei2 

- iff-, ({Af H [P]2 ^ iPf-,A'' h IP'f I 5?(y).y?(x).[0]2 

b) If{\ - nl{Ay.Q) then 3R where either 
- (rf; ((/if h ipf r; iJ"f h R,for some F' and 
irf-XA'f F IP'f iA"f h (V a)(R I al(y).yl(x).lQf) 

iC\ 1^ 

- iPf-, «zl»2 h IPf ^ iPf-, iA"f h R, and 
iPfXA'f F IP'f iA"f F (V s)(R I 5 ?(y).y?(x).ie] 2 ) 

c) If{\ - T then either: 

- IPR such that 

({pfX; ((Af F iPf 

^ iA'f F (V miPif I (V a)(lP 2 fWx} I * a7(y)y7(x).lQf)) 

- 3R such that 

iPfX-, iAf F IPf 

^ ((A'f F (y m)([Pil2 I (y ^)([P 2 FP/x) I ^?(y).y?(x).ie]2)) 

- irf; ((Af F IPf ^ iPf; ((A'f f [P'F 

- A = and Cr»2; «/)»2 h [Pp A {Pf-, ((A'f F [P'f 

d) If(\ G {«©/,«&/) f/zen 

3h = {{^if ™c/z f/zflf iPf- iAf F [P]2 3. iPf- iA'f F [P'l2_ 

2. Suppose iPf-iAf F [PF ^ iPfXA'f F P. 
aj ^^2 = (y m)n\(m) then either 

(v m)n\{m) ^ 

- 3P' such that P i—> P' and R - [P'p. 

- 3Q,P' such that P' andR^ IP'f \ * a'i(y)y‘i(x).lQf 

- 3Q,P' such that P p' and R = IP'f \ s?(y).y?(x).I2]2 

b) If (2 - nl(m) then either 

nlim) ^ 

- 3P' such that P 1 —> P' and R - [P'p. 

nl(Ax. Q) 

- 3Q,P'such that P 1 —> P' 

and iPf-XA'f F [P'f iA'f F (y a)(R \ ^ al(y)yl(x).lQf) 

n%Ax. Q) 

- 3Q,P such that P 1 —> P 

and iPfXA'f F [P'f ((A'f h (y s)(R \ ^?(y).y?(x).ie]2) 

c) If £2 = T then 3P' such that P P' and iPfXA'f F [P'l^ iA'f h R. 

d) If £2 i {n\(m},n®l,n&l} then 3£\ such that £\ — \£ 2 f and 

P; 3 F P 1 -^ P; 3 F P'. 


Proof. The proof is done by transition induction. We consider the two parts separately. 

- Part 1 

- Basic Step: 

- Subcase: $P = n!\langle\lambda x.Q\rangle.P'$ and also from Definition 6.4 we have that 

[Pf = (y fl)(n!<fl).[P']2 I . fl?0;).y?(x).ie]2) 

Then 

n\{Ax.Q) , , 

r\%\AhP ^ 3'fP' 


^ o "i (y a)n\(a) 

iPfXXAfHPf ^ 


((Af F [P'f I * al(y)yl(x).lQf 
and from Definition 6.4 


ln[{Ax.Q}} - (va)nl{a} 


as required. 

- Subcase: $P = n!\langle\lambda x.Q\rangle.P'$ and also from Definition 6.4 we have that 

[fp = (v i)(n!<i).|[P'p I is similar as above. 

- Subcase P - nl(x).P'. 

- From Definition ^ we have that = n?(x).[P']^ 

Then 


n7{Ax. Q) , , 1 

r-MA'rP 1 -^ z('i-P'{4v.e/x) 


irf-MAf h ipf 


((A'Y^RWx) 


with 

ln7(Ax.Q}f ^ n7(a} 

It remains to show that 

iPf-MA'f h lP'{^^-Qlx]f iA"f h (vfl)(P{«/x) I al(y).yl{x).lQf) 

The proof is an induction on the syntax structure of $P'$. Suppose $P' = x\,m$, then: 
[xm{4x.e/4]2 = lQ{mlx)f 

(y fl)(P{«/x) I a7{y).y7{x)lQf) = (v a)((y 5)(x!<5).5!(m).0){«/x) | a7(y).y7{x).iQf) 

The second term can be deterministically reduced as: 

«r»2;0; «/)"»2 h (y fl)((y 5)(x!<5>.5!<m).0){«/x) | * al{y).yl{x).lQf) 
lA")f h {va){lQnx]f I * a7(y).y7(x).lQf) 

which is bisimilar with: 

iQnx}f 

because a is fresh and cannot interact anymore. 

An interesting inductive step case is parallel composition. Suppose $P' = P_1 \mid P_2$. We 
need to show that: 

iPf-Wf h I(Pi I P 2 ){^^-e/x)f iA"f h (y a)(IPi I P 2 f {«/x) I a7{y).yl{x).lQf) 
We know that 

irfAAxf H IPi{4x.e/^)]2 ^ ^ya)(lP,f{aix] I . a7{y).y7{x).lQf) 

irf-XAlf H IP2{4x.e/4]2 ^ (vfl)(|P 2 f {fl/x) I * a?(y).y?(x).[0f) 

We conclude from the congruence of . 
- The rest of the cases for Part 1 are easy to follow using Definition 6.4. 

- Part 2. 


The proof for Part 2 is straightforward following Definition 6.4. We give some 
distinctive cases: 

- Case $P = n!\langle\lambda x.Q\rangle.P'$ 


n!(Ax.Q) 

r-,A h p i—r A' h p' 

iPf-AAf H [Pf (A'f h IP'f I * fl?(y).y?(^).[ef 


as required. 

- Case $P = n?(x).P'$ 


nl{Ax. Q) , , , 

r-,A H P A' h P'A^-IQ}x 

iPf-AAf^lPf iA"f^lP'f\‘^lx] 

We now use a similar argumentation as the input case in Part 1 to prove that: 
r-A' h Qlx] iA"f h (y a){lP'f\aix] \ * al{y).yl{x).lQf) 


□ 


C.3 Properties for : HOπ⁺ → HOπ 

We study the properties of the typed encoding in Definition 8.1 (Page 39). 

We repeat the statement of Proposition 8.1 as in Page 40 

Proposition C.6 (Type Preservation. From HOπ⁺ to HOπ). Let $P$ be a HOπ⁺ process. 
IfrA-,A h P>o then ((rf;l!);((Af h [Pf >o. 

Proof. By induction on the inference of $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. We detail some representative 
cases: 

1. Case $P = u!\langle\lambda x.Q\rangle.P'$. Then we may have the following typing in HOπ⁺: 


r ■ x: L',A2',A2i-Q>o P ■ x\LAA h x> L 
r\A\\Ai -u: S h P'>0 r;A2',A2 H Ax: L.Q>L-oo 

r;Ai- A2 ',Ai ■A2-u :l{L^o);S i- u\{Ax. Q).P' >o 


irfAAxfAMf-u: isf h lP'f >0 
(rf-x:(LfAA2fAA2f H [Qf>0 
({rf-x:({LfAA^x>({Lf 


Thus, by IH we have: 


(87) 

( 88 ) 
(89) 
The corresponding typing in HOπ is as follows: 


_ J88]l _ _ 

«03. ^: «L»3; «A2»3; «zl2>3. z: end h > o (|89l) 
«0)3; «A2>3; C2l2»3 -z end h z?(x).[Qf > « 


_ _ (r}3;0;z :?(CL»3);end h z>?(«L))3);end 

ill* «n)^:CA2»3:Cd2»3 H dz.z?W.[(2]]3>(?(((L))3);end)^o 


2. Case $P = (\lambda x.P)(\lambda y.Q)$. We may have different possibilities for the types of each 
abstraction. We consider only one of them, as the rest are similar: 


F-X : C—^o;A;/li h F>o r;&;/l 2 ,y: C i-Q>o 


T;A;Ai h Ax.F>(C-oo)-oo T;0;zl2 i- Ay.Q>C-oo 


r;A;Ai ■/I 2 I-(Ax.F)(Ay. Q)>o 


Thus, by IH we have: 


«r»3 . X: «C^o>3; ^Af ;«A 1 »3 ^ IFf >0 

irf-,Mzii))\y:({C)f^lQf>o 


(91) 

(92) 


The corresponding typing in HO$\pi$ is as follows; recall that $\langle\langle C\multimap\diamond\rangle\rangle^{3} = \langle\langle C\rangle\rangle^{3}\multimap\diamond$.


m 


«r»3 .X : «C^o»3;«A»3; CAi» 3 ■ ^ : end h [P]3 >o 
«r»3;«A»3 ;«Ai» 3 • i :?(«C^o»3); end h i?(;c).IPl3 >o 


(93) 


m. 




Cr))3;0;Czl2»^.y:CC))3h[g]3>o 
(rf;0;((A2f h Ay. [g]^ >«C^o»3 
(rf;0;((A2fA: end h Ay. [g]3 >«C^o))3 
cr»3;0; Cd2»3 • 5 : !<«C^O»3>; end h 5!<Ty. [ei^>.0> O 


C03;«A»3;CAi))3.Czl2»3-^:?(«C^o»3);end-:?:!(CC^o)3);endh^?(x).[T]3|;?!<dy.[g]3).0>o 
Cr»3;«A»3;CAi»3 ■ (^ 2 ^ h (v s)(s?(x).[Pf | 5!<Tv. iei^>.0)>o 


□ 

We repeat the statement of Proposition |8^ as in Page[40| 

Proposition C.7 (Operational Correspondence. From HO$\pi^{+}$ to HO$\pi$).

1. Let $\Gamma;\emptyset;\Delta \vdash P$. $\Gamma;\Delta \vdash P \xrightarrow{\ell} \Delta' \vdash P'$ implies

a) If£e{(vm)n[{Ax.Q},n7{Ax.Q}} then (rf;((Af h |[P]3 ((A'f h 
b) If( i {(v m)n\{Ax. Q),n?(Ax. Q),t) then iff- {Af h IPf ^ ((A'f h IP']l

c) Iff = Tp then irf-,iAf h IPf ^A"i-R and irfiA'flP'f^^A"R. 

d) If( ^Tandt^Tp then (rf;((Af h (A'f h IP'f. 

2. Let r-(d-A h P. ((Pf'AAf h [Pp ((A"f h Q implies 

a) If { e {(v m)n\{Ax. Q),nl{Ax. Q},t] then r\A \- P i—> A' h P' with {P))^ = £ and 

Q=lP'f. 

b) If£ i {(v m)n\{Ax.R),nl{Ax.R),T) then r\A v- P i—> A' v- P' and Q = |[P']^. 

c) If £ — T then either r;A h A i—> A' v- P' with Q = [P']^ 

or P;/) H zl /I' H P' and (rf;((A''})^ F Q (A"f h |[P']l 


Proof. 1. The proof of Part 1 is by transition induction and considers the mapping
as defined in Definition 8.1. We give the most interesting cases.


- Case: $P = (\lambda x.Q_1)\,\lambda x.Q_2$.
P;z) h (Ax.Qi)Ax.Q 2 a h Q\{2-x.Q2l x] implies 


iPf-XAf F (V 5)(5?(x).[eif I -s\{Ax. [22^ ).0) ^ «zl'»^ F IQlf j x] 


- Case: $P = n!\langle\lambda x.Q\rangle.P$

n\{Ax. Q) 

r^A n\{Ax.Q).P \ —> zl I- P implies 

{{rfXAlf F n\{Az.zl(xnQf).lPf ^ ^ zl F [P ]3 

- Other cases are similar. 


2. The proof of Part 2 is also by transition induction and considers the mapping as
defined in Definition 8.1. We give the most interesting cases.

- Case: $P = (\lambda x.Q_1)\,\lambda x.Q_2$.


«P»3;^0; «zl»3 h(v5)((Tz.z?(x).[21^)5|^!(Tx.22).0) 
^ iA'f F (V ^)(^?(x).I21^ I ^!<dx.22).0) 


implies P;zl F (Tx.2i)dx.22 f-^ zI f 2i{'^^' ^'^Ix] and 

«pZ;0; ((Af F (v ^)(^?(x).[2lZ 22).0) 

A iA'f F lQa\^x.lQ2flx] 


- Case: $P = n!\langle\lambda x.Q\rangle.P$

^ n 1 o nliAz.ztUyWf) 1 

«03;Czl»3 h n\{Az.zl{xnQf).lPf At- [Pf and 

n\{Ax. Q) 

r;Ai-n\{Ax.Q}.P A h P 

- Other cases are similar. 

□ 
C.4 Properties for : HO$\vec{\pi}$ $\to$ HO$\pi$

We study the properties of the typed encoding in Definition 8.2 (Page 43).

We repeat the statement of Proposition |8^ as in Page [4^ 

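Proposition C.8 (Type Preservation. From HO$\vec{\pi}$ to HO$\pi$). Let $P$ be a HO$\vec{\pi}$ process.
If $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$ then $\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta\rangle\rangle^{4} \vdash \llbracket P\rrbracket^{4} \triangleright \diamond$.


Proof. By induction on the inference $\Gamma;\emptyset;\Delta \vdash P \triangleright \diamond$. We examine two representative
cases, using biadic communications.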


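1. Case $P = n!\langle V\rangle.P'$ and $\Gamma;\emptyset;\Delta_1\cdot\Delta_2\cdot n:!\langle(C_1,C_2)\multimap\diamond\rangle;S \vdash n!\langle V\rangle.P' \triangleright \diamond$. Then either
$V = y$ or $V = \lambda(x_1,x_2).Q$, for some $Q$. The case $V = y$ is immediate; we give details
for the case $V = \lambda(x_1,x_2).Q$, for which we have the following typing:

$$\dfrac{\Gamma;\emptyset;\Delta_1\cdot n:S \vdash P' \triangleright \diamond \qquad \dfrac{\Gamma;\emptyset;\Delta_2\cdot x_1:C_1\cdot x_2:C_2 \vdash Q \triangleright \diamond}{\Gamma;\emptyset;\Delta_2 \vdash \lambda(x_1,x_2).Q \triangleright (C_1,C_2)\multimap\diamond}}{\Gamma;\emptyset;\Delta_1\cdot\Delta_2\cdot n:!\langle(C_1,C_2)\multimap\diamond\rangle;S \vdash n!\langle\lambda(x_1,x_2).Q\rangle.P' \triangleright \diamond}$$

We now show the typing for $\llbracket P\rrbracket^{4}$. By IH we have both:

$$\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_1\rangle\rangle^{4}\cdot n:\langle\langle S\rangle\rangle^{4} \vdash \llbracket P'\rrbracket^{4} \triangleright \diamond \qquad \langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_2\rangle\rangle^{4}\cdot x_1:\langle\langle C_1\rangle\rangle^{4}\cdot x_2:\langle\langle C_2\rangle\rangle^{4} \vdash \llbracket Q\rrbracket^{4} \triangleright \diamond$$

Let $L = (C_1,C_2)\multimap\diamond$. By Definition 8.2 we have $\langle\langle L\rangle\rangle^{4} = (?(\langle\langle C_1\rangle\rangle^{4});?(\langle\langle C_2\rangle\rangle^{4});\mathsf{end})\multimap\diamond$
and $\llbracket P\rrbracket^{4} = n!\langle\lambda z.z?(x_1).z?(x_2).\llbracket Q\rrbracket^{4}\rangle.\llbracket P'\rrbracket^{4}$. We can now infer the following typing
derivation: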


CP»";0;«zl2))^-^i : CCi>"-^2 : jCzY b E61">o 
irY-,Wiy-xi : «Ci))'^-X2 : CC2»"-z: endHQ]Vo 
«P»4;0; jAzY ■ XI : ((Ci))^ -z :?(«C 2 »'^); end h zl{x 2 ).lQt > <> 
jry- 0; iA 2 Y ■ z :?(«Ci»4); ?(«C 2 »^); end h z?(^i).z?(^ 2 ).[e]^ > o 
iPY-MAzY h Az.zl{x,).zl{x2).lQY>{iCiYAC2Y)^o 

CP»P;0;«2li»P-^:«5»PhIP']P>o ® 


(94) 


«P»4;0; (A 1 »4 ■ «zl2>4. „ :!<«L»4);«5»4 h IP]4 >0 
2. Case $P = n?(x_1,x_2).P'$ and $\Gamma;\emptyset;\Delta_1\cdot n:?((C_1,C_2));S \vdash n?(x_1,x_2).P' \triangleright \diamond$. We have the
following typing derivation:

P;0;zli ■ n : 5 ■ xi : Ci ■X 2 : C 2 H P' >0 P;0; h xi,X 2 >Ci,C 2 


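$$\Gamma;\emptyset;\Delta_1\cdot n:?((C_1,C_2));S \vdash n?(x_1,x_2).P' \triangleright \diamond$$

By Definition 8.2 we have $\llbracket P\rrbracket^{4} = n?(x_1).n?(x_2).\llbracket P'\rrbracket^{4}$. By IH we have

$$\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_1\rangle\rangle^{4}\cdot n:\langle\langle S\rangle\rangle^{4}\cdot x_1:\langle\langle C_1\rangle\rangle^{4}\cdot x_2:\langle\langle C_2\rangle\rangle^{4} \vdash \llbracket P'\rrbracket^{4} \triangleright \diamond$$

and the following type derivation:

$$\dfrac{\dfrac{\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_1\rangle\rangle^{4}\cdot x_1:\langle\langle C_1\rangle\rangle^{4}\cdot x_2:\langle\langle C_2\rangle\rangle^{4}\cdot n:\langle\langle S\rangle\rangle^{4} \vdash \llbracket P'\rrbracket^{4} \triangleright \diamond}{\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_1\rangle\rangle^{4}\cdot x_1:\langle\langle C_1\rangle\rangle^{4}\cdot n:?(\langle\langle C_2\rangle\rangle^{4});\langle\langle S\rangle\rangle^{4} \vdash n?(x_2).\llbracket P'\rrbracket^{4} \triangleright \diamond}}{\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_1\rangle\rangle^{4}\cdot n:?(\langle\langle C_1\rangle\rangle^{4});?(\langle\langle C_2\rangle\rangle^{4});\langle\langle S\rangle\rangle^{4} \vdash \llbracket P\rrbracket^{4} \triangleright \diamond}$$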
□

We repeat the statement of Proposition |8.6| as in Page [4^ 

Proposition C.9 (Operational Correspondence. From HO$\vec{\pi}$ to HO$\pi$).

1. Let $\Gamma;\emptyset;\Delta \vdash P$. Then $\Gamma;\Delta \vdash P \xrightarrow{\ell} \Delta' \vdash P'$ implies

a) If£ = (v m')n\{m) then irYAAf h [Pf ... iA'f h [Pf with {if = 

{\ ...In- 

b) If€ = nl{m) then iPf-iAf V [Pf ^...^{A'f^ [Pf with f 

c) If{ e {(v m)n\{Ax.R),nl{Ax.R)} then «P/;«/l/ H [Pf ((A'f h [P'f with 

d) If( e {«©/,«&/) then iPf-AAf i- [Pf ((A'f h [P'f. 

e) If{^ Tp then either iPfA^t F [Pf ... A {A't F [P'f with SCf = 

T/Sits . . .Ts. 

f) If e^T then F [Pf A ... A lA'f h [P'f with = T...T. 

2. Let r-,%-,A I- P. irfA^f F [P]4 A iAif h Pi impPei 

flj Ift e {n?(m),n!(m),(v m)n\{m)] then r;A 1- P i—> A' I- P' ant/ 

«C»4; iAif H Pi ^ ... A «zl'»4 H «P'»4 with Uf 

b) If ( & {(v m)n\{Ax.R),nl{Ax.R)) then r',A P i—> A' h P' with {('Y' - i <^nd 
P\ = [P'f. 

c) Iff e {n®l,n&l} then r',A i- P i—> A' P' and Pi s [P']”*. 

d) If! = Tp then P-AhP^A'^ P' and ({P/; C.4i»‘^ i- Pi A ... A (A'f h «P'»‘^ 
with {lY ^Tp,Ts...Ts. 

e) Ifl^T then r-A^P^A'\-P' and «P»^;«/li/ h Pi A ... A iA'f h «P'/ 

with -T...T. 


Proof. The proof of both parts is by transition induction, following the mapping defined
in Definition 8.1. We consider some representative cases, using biadic communication:


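• Case (1(a)), with $P = n!\langle m_1,m_2\rangle.P'$ and $\ell_1 = n!\langle m_1,m_2\rangle$. By assumption, $P$ is well-typed.
As one particular possibility, we may have:

$$\dfrac{\Gamma;\emptyset;\Delta_0\cdot n:S \vdash P' \triangleright \diamond \qquad \Gamma;\emptyset;m_1:S_1\cdot m_2:S_2 \vdash m_1,m_2 \triangleright S_1,S_2}{\Gamma;\emptyset;\Delta_0\cdot m_1:S_1\cdot m_2:S_2\cdot n:!\langle S_1,S_2\rangle;S \vdash n!\langle m_1,m_2\rangle.P' \triangleright \diamond}$$

for some $\Gamma, S, S_1, S_2, \Delta_0$, such that $\Delta = \Delta_0\cdot m_1:S_1\cdot m_2:S_2\cdot n:!\langle S_1,S_2\rangle;S$. We may then
have the following typed transition:

$$\Gamma;\Delta_0\cdot m_1:S_1\cdot m_2:S_2\cdot n:!\langle S_1,S_2\rangle;S \vdash n!\langle m_1,m_2\rangle.P' \xrightarrow{\ell_1} \Gamma;\Delta_0\cdot n:S \vdash P'$$

The encoding of the source judgment for $P$ is as follows:

$$\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_0\cdot m_1:S_1\cdot m_2:S_2\cdot n:!\langle S_1,S_2\rangle;S\rangle\rangle^{4} \vdash \llbracket n!\langle m_1,m_2\rangle.P'\rrbracket^{4} \triangleright \diamond$$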
which, using Definition [8]T] can be expressed as

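Now, $\{\!\{\ell_1\}\!\}^{4} = n!\langle m_1\rangle, n!\langle m_2\rangle$. It is immediate to infer the following typed transitions
for $\llbracket P\rrbracket^{4} = n!\langle m_1\rangle.n!\langle m_2\rangle.\llbracket P'\rrbracket^{4}$: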

«0";«2lo» ■ ■ m 2 :iS 2 t ■ n :!<«5 1 )^); !<C52»");«5/ h n\{m,) .n\{m 2 ) IP't 

«zlo» ■ m2:C52)/■ n : !<«5 2 »^>; 

= ({rf-,({Ao-n:SfnP'f 

which concludes the proof for this case. 

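• Case (1(c)) with $P = n!\langle\lambda(x_1,x_2).Q\rangle.P'$ and $\ell_1 = n!\langle\lambda(x_1,x_2).Q\rangle$. By assumption, $P$
is well-typed. We may have:

$$\dfrac{\Gamma;\emptyset;\Delta_0\cdot n:S \vdash P' \triangleright \diamond \qquad \Gamma;\emptyset;\Delta_1 \vdash \lambda(x_1,x_2).Q \triangleright (C_1,C_2)\multimap\diamond}{\Gamma;\emptyset;\Delta_0\cdot\Delta_1\cdot n:!\langle(C_1,C_2)\multimap\diamond\rangle;S \vdash n!\langle\lambda(x_1,x_2).Q\rangle.P' \triangleright \diamond}$$

for some $\Gamma, S, C_1, C_2, \Delta_0, \Delta_1$, such that $\Delta = \Delta_0\cdot\Delta_1\cdot n:!\langle(C_1,C_2)\multimap\diamond\rangle;S$. (For simplicity,
we consider only the case of a linear function.) We may have the following
typed transition:

$$\Gamma;\Delta_0\cdot\Delta_1\cdot n:!\langle(C_1,C_2)\multimap\diamond\rangle;S \vdash n!\langle\lambda(x_1,x_2).Q\rangle.P' \xrightarrow{\ell_1} \Gamma;\Delta_0\cdot n:S \vdash P'$$

The encoding of the source judgment is

$$\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_0\cdot\Delta_1\cdot n:!\langle(C_1,C_2)\multimap\diamond\rangle;S\rangle\rangle^{4} \vdash \llbracket n!\langle\lambda(x_1,x_2).Q\rangle.P'\rrbracket^{4} \triangleright \diamond$$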

which, using Definition [STj can be equivalently expressed as 

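$$\langle\langle\Gamma\rangle\rangle^{4};\emptyset;\langle\langle\Delta_0\cdot\Delta_1\rangle\rangle^{4}\cdot n:!\langle(?(\langle\langle C_1\rangle\rangle^{4});?(\langle\langle C_2\rangle\rangle^{4});\mathsf{end})\multimap\diamond\rangle;\langle\langle S\rangle\rangle^{4} \vdash n!\langle\lambda z.z?(x_1).z?(x_2).\llbracket Q\rrbracket^{4}\rangle.\llbracket P'\rrbracket^{4} \triangleright \diamond$$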

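Now, $\{\!\{\ell_1\}\!\}^{4} = n!\langle\lambda z.z?(x_1).z?(x_2).\llbracket Q\rrbracket^{4}\rangle$. It is immediate to infer the following typed
transition for $\llbracket P\rrbracket^{4} = n!\langle\lambda z.z?(x_1).z?(x_2).\llbracket Q\rrbracket^{4}\rangle.\llbracket P'\rrbracket^{4}$: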

«r>4;C^o-/li»-«:!<(?(«Ci»^);?(«C2»'*);end)^o);C5»Sn!(Tz.z?(xi).z?(x2).ief>.[F'f 

= irfAAo-n-.Sf^lP't 

which concludes the proof for this case. 

• Case (2(a)), with $P = n?(x_1,x_2).P'$, $\llbracket P\rrbracket^{4} = n?(x_1).n?(x_2).\llbracket P'\rrbracket^{4}$. We have the following
typed transitions for $\llbracket P\rrbracket^{4}$, for some $S$, $S_1$, $S_2$, and $\Delta$:

irt-iAf-nP.{iSif)-,mS2f)ASf- H nl{x,).nl{x2).lP't 

«r»4;«zl»4.„ :?(«52»^);«5»^-mi : «5 h«?(^ 2).[P'l>i/vi) 

«r» 4 ;«zl» 4 .„ : : iS,f-m 2 : C 52 »^ H IP'f^Ux,]r 2 l^2] = Q 
Observe that the substitution lemma (Lemma 3.1(1)) has been used twice. It is then
immediate to infer the label for the source transition: $\ell_1 = n?\langle m_1,m_2\rangle$. Indeed, $\{\!\{\ell_1\}\!\}^{4} = n?\langle m_1\rangle, n?\langle m_2\rangle$.
Now, in the source term $P$ we can infer the following transition:

$$\Gamma;\Delta\cdot n:?(S_1,S_2);S \vdash n?(x_1,x_2).P' \xrightarrow{\ell_1} \Gamma;\Delta\cdot n:S\cdot m_1:S_1\cdot m_2:S_2 \vdash P'\{m_1,m_2/x_1,x_2\}$$


which concludes the proof for this case. 

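• Case (2(b)), with $P = n!\langle\lambda(x_1,x_2).Q\rangle.P'$, $\llbracket P\rrbracket^{4} = n!\langle\lambda z.z?(x_1).z?(x_2).\llbracket Q\rrbracket^{4}\rangle.\llbracket P'\rrbracket^{4}$. We
have the following typed transition, for some $S$, $C_1$, $C_2$, and $\Delta$: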

(in^-AAf-n: ((\{(CuC2)^o);Sf h n!(dz.z?(xi).z?(x2).ief >.[P'f 

^ an^A^f-n : « 5»4 H IP'f ^ Q 

where Pj = n\{Az.z'^■{x\).z^{x 2 )\Ql‘^)■ For simplicity, we consider only the case of 
linear functions. It is then immediate to infer the label for the source transition: - 
n\{A{xi,X 2 )- Q)- Now, in the source term P we can infer the following transition: 

r-,A-n\\{{CuC 2 )^o)\S bn\{Axi,X 2 .Q).P' ^r-,A-n-.S h P' 


which concludes the proof for this case. 


□ 
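
The three translation clauses used in the proofs of Propositions C.8 and C.9 (output of a pair of names, biadic input, output of a biadic abstraction) can be run as a small term rewriter. This is an added illustration, not code from the paper: the AST classes, `encode`, `is_monadic` and the fresh names `z0`, `z1`, ... are this example's own, and the source term is assumed not to use those names. The loops handle any arity, which goes beyond the biadic case shown in the proofs.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Nil:                      # inactive process 0
    pass

@dataclass(frozen=True)
class Abs:                      # λ(x1,...,xk).Q
    params: tuple
    body: object

@dataclass(frozen=True)
class Out:                      # n!<V1,...,Vk>.P, each V a name (str) or an Abs
    chan: str
    vals: tuple
    cont: object

@dataclass(frozen=True)
class In:                       # n?(x1,...,xk).P
    chan: str
    params: tuple
    cont: object

def inputs(chan, params, cont):  # chan?(x1). ... .chan?(xk).cont
    for x in reversed(params):
        cont = In(chan, (x,), cont)
    return cont

def encode(p, fresh=None):
    """Polyadic-to-monadic translation for the clauses used in the proofs."""
    fresh = fresh or count()
    if isinstance(p, Nil):
        return p
    if isinstance(p, In):       # n?(x1,x2).P'  ->  n?(x1).n?(x2).[P']
        return inputs(p.chan, p.params, encode(p.cont, fresh))
    out = encode(p.cont, fresh)
    for v in reversed(p.vals):  # n!<m1,m2>.P'  ->  n!<m1>.n!<m2>.[P']
        if isinstance(v, Abs):  # λ(x1,x2).Q    ->  λz.z?(x1).z?(x2).[Q]
            z = f"z{next(fresh)}"   # assumption: z0, z1, ... unused in the source
            v = Abs((z,), inputs(z, v.params, encode(v.body, fresh)))
        out = Out(p.chan, (v,), out)
    return out

def is_monadic(p):              # every prefix and abstraction carries one value
    if isinstance(p, (Nil, str)):
        return True
    if isinstance(p, (Abs, In)):
        return len(p.params) == 1 and is_monadic(p.body if isinstance(p, Abs) else p.cont)
    return len(p.vals) == 1 and is_monadic(p.vals[0]) and is_monadic(p.cont)
```

One polyadic prefix in the source becomes a sequence of monadic prefixes in the target, which is why a single source label in Proposition C.9 is matched by a sequence of target actions.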


